Chinese APT41 Hackers Targeted U.S. Trade Officials Amid 2025 Negotiations


“Chinese hackers are now targeting U.S. trade officials for huge monetary profit at once.”

Amid tense trade negotiations between the United States and China, the House Select Committee on China has publicly released an advisory warning about an “ongoing” series of highly targeted cyber espionage efforts associated with the People’s Republic of China (PRC).

House Select Committee

“These efforts aim to undermine institutions and people engaged in U.S.-China trade policy and diplomacy, such as at least one foreign country, U.S. government agencies, U.S. industry associations, D.C. law firms, and think tanks,” the committee said.

The committee observed that suspected threat actors from China posed as Republican Party Congressman John Robert Moolenaar in phishing emails, aiming to fool trusted counterparts into opening files and links that would give the attackers unauthorized access to the recipients’ systems and sensitive data without their knowledge.

By manipulating software and cloud services to hide signs of their activity, the attackers ultimately aimed to steal important data—a strategy frequently used by state-sponsored hackers to avoid detection.


John Robert Moolenaar, Republican Party Congressman

Moolenaar, who is also the Chairman of the House Select Committee on the Communist Party of China (CCP), described this as another instance of China’s offensive cyber activities intended to pilfer American strategy and use it against Congress, the Administration, and the American people. “We will not be intimidated, and we will continue our work to keep America safe.”

The announcement comes days after The Wall Street Journal reported on September 7, 2025, that Moolenaar sent an email to a number of trade associations, legal companies, and U.S. government organizations requesting their opinions on proposed penalties against China.

The message purportedly stated, “Your insights are essential,” and included an attachment with a draft version of the law that, when run, used malware to collect private information and obtain a firm foothold in the targeted businesses.

The attack is thought to have been carried out by APT41, a well-known hacker collective that targets a variety of industries and regions for cyber espionage.

Chinese Embassy, Washington

The Chinese embassy in Washington told Reuters in a statement that China “strongly opposes and combats all forms of cyber attacks and cyber crime.” “Additionally, we are adamantly against defaming anyone without sufficient proof.”


Yejin Jang, Vice President, Government Affairs, Abnormal AI

“The attackers created urgency and legitimacy that encouraged quick responses by posing as Rep. Moolenaar (R-MI), a well-known Beijing critic,” Abnormal AI’s vice president of government affairs, Yejin Jang, told The Hacker News.

“Political communication is not limited to official government accounts or gadgets. This truth is recognized by sophisticated enemies, who actively take advantage of it. By using personal or non-official means to pose as trusted officials, attackers circumvent conventional security measures while enhancing their legitimacy.”

“The Committee considers this conduct to be CCP state-backed cyber-espionage that aims to influence U.S. policy discussions and negotiation strategies to obtain an edge in trade and foreign policy, based on the targeting, timing, and techniques, as well as in accordance with external assessments,” it said.

The committee also pointed out that the campaign comes after another spear-phishing attempt in January 2025 that sent emails purporting to be from the North America representative of ZPMC, a Chinese state-owned crane manufacturer, to its employees.

The attack used phony file-sharing alerts to try to fool the recipients into clicking on a link intended to steal Microsoft 365 user credentials. Additionally, the attackers used developer tools to build hidden paths and secretly exfiltrate data directly to servers under their control.

Notably, the committee released an investigative report in September 2024 that claimed ZPMC’s market dominance in ship-to-shore (STS) port cranes could “serve as a Trojan horse” and enable the CCP and China to manipulate and take advantage of U.S. maritime technology and equipment at their request.

About The Author

Suraj Koli is a content specialist in technical writing about cybersecurity & information security. He has written many amazing articles related to cybersecurity concepts, with the latest trends in cyber awareness and ethical hacking.
