The U.S. House Select Committee on the Chinese Communist Party (CCP) has issued a warning about an ongoing cyber espionage campaign linked to Beijing, targeting a wide range of stakeholders involved in U.S.–China trade policy.
According to the Committee, the China-linked hacking group APT41 impersonated Rep. John Moolenaar (R-Mich.), chair of the committee, in a July 2025 phishing campaign that delivered malware to law firms, government agencies, think tanks, business associations, and at least one foreign government.
The attack was strategically timed to coincide with U.S.–China trade negotiations in Sweden, which resulted in an extension of the tariff truce.
The operation relied on highly convincing spear-phishing emails that appeared to come from Chairman Moolenaar. The lures included fake draft legislation and official-looking communications, designed to encourage recipients to open malware-laced attachments.
Researchers at Mandiant confirmed the malware's capabilities allowed for deep surveillance inside targeted organizations. Attackers also exploited cloud services and developer tools to conceal their activity and exfiltrate data—a tactic increasingly common in state-sponsored intrusions.
Adding to the sophistication, The Wall Street Journal reported that the attackers used AI-generated spoofing techniques, not only impersonating Moolenaar but also other senior U.S. officials, including Secretary of State Marco Rubio and White House Chief of Staff Susie Wiles.
In a statement, Chairman Moolenaar condemned the espionage campaign. "This is another example of China's offensive cyber operations designed to steal American strategy and leverage it against Congress, the Administration, and the American people," Moolenaar said.
The Committee has shared technical indicators of compromise (IOCs) with the FBI and U.S. Capitol Police, which are conducting investigations.
A previous spear-phishing attempt in January 2025 targeted Select Committee staff, with emails spoofing representatives of the Chinese state-owned enterprise ZPMC in an effort to steal Microsoft 365 credentials.
As in prior incidents, the Chinese Embassy in Washington, D.C., denied involvement, warning that cyber attribution is unreliable and accusing U.S. officials of "making groundless accusations without solid proof."
Cybersecurity firms warn this campaign reflects a wider surge in Chinese cyber activity. CrowdStrike and other threat intelligence providers have tracked an increase in espionage against U.S. government and policy institutions throughout 2025.
APT41 is particularly concerning because of its hybrid model: the group has historically conducted both espionage and financially motivated intrusions, blurring the line between state and criminal cyber operations.
The use of AI-generated phishing and spoofing marks an escalation in tactics, raising alarms about the potential for deepfake-driven disinformation and AI-enhanced social engineering in sensitive political contexts.
The campaign shows how cyber operations now occupy a central position in geopolitics, particularly around high-stakes negotiations such as the U.S.–China trade talks. It also highlights the challenges defenders face as AI accelerates adversary capabilities.
For organizations involved in trade, policy, or diplomacy, the case is a reminder to:
Harden email defenses against impersonation and spear-phishing;
Monitor for abuse of cloud services and unusual developer tool activity;
Share threat intelligence across the public and private sectors.
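As an added illustration of the first recommendation (this is not code from the article or from any of the organizations named in it), the check below triages one inbound message for the impersonation pattern the campaign used: a display name matching a known official but an address on another domain, a mismatched Reply-To, no DMARC pass in the receiving server's Authentication-Results, and an archive attachment. The VIP list, expected domain, sample addresses and the lure message are constructed for the example.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Hypothetical VIP list: lower-cased display name -> domain that person's mail
# should come from (constructed values, not taken from the article).
VIP_DOMAINS = {"john moolenaar": "mail.house.gov"}
# Attachment types worth flagging as potential malware carriers (assumption).
RISKY_EXT = re.compile(r"\.(zip|iso|lnk|docm|xlsm|exe|js)$", re.IGNORECASE)

def check_message(raw: str) -> list[str]:
    """Return impersonation/lure indicators found in one raw RFC 5322 message."""
    msg = message_from_string(raw)
    findings = []
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""
    for vip, expected in VIP_DOMAINS.items():
        # Display name claims to be a VIP but the address is on another domain.
        if vip in name.lower() and domain != expected:
            findings.append(f"display-name impersonation: {name} via {domain}")
    _, reply = parseaddr(msg.get("Reply-To", ""))
    if reply and reply.rsplit("@", 1)[-1].lower() != domain:
        findings.append(f"reply-to domain mismatch: {reply}")
    # The receiving MTA's Authentication-Results header must show a DMARC pass.
    if "dmarc=pass" not in msg.get("Authentication-Results", "").lower():
        findings.append("dmarc not passed")
    for part in msg.walk():
        fn = part.get_filename()
        if fn and RISKY_EXT.search(fn):
            findings.append(f"risky attachment: {fn}")
    return findings

# Constructed lure: spoofed display name, look-alike domain, DMARC failure
# and an archive attachment posing as draft legislation.
LURE = """\
From: "John Moolenaar" <chairman@house-gov-mail.example>
Reply-To: <docs@collector.example>
To: analyst@thinktank.example
Subject: Draft legislation for your review
Authentication-Results: mx.thinktank.example; spf=pass; dmarc=fail
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: application/zip; name="Draft_Bill.zip"
Content-Disposition: attachment; filename="Draft_Bill.zip"

UEsDBA==
--b1--
"""
```

Running `check_message(LURE)` returns four findings; a message from the expected domain with a DMARC pass and no risky attachment returns an empty list.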