US lawmakers have accused the Chinese government of being behind a cyber espionage campaign that impersonated a prominent Congressman. The House Select Committee on Strategic Competition between the US and the Chinese Communist Party (CCP) said that CCP-affiliated actors impersonated its Chairman, Representative John Moolenaar (R-MI), in emails to “trusted counterparts” to try to trick them into opening malicious files and links.[1]
These files and links were designed to grant attackers access to victim systems and to obtain information during ongoing, high-level US-China trade engagements. Such information would then be used to attempt to influence US policy deliberations and negotiation strategies, aiming to gain an advantage in trade and foreign policy. Moolenaar was impersonated in emails “in recent weeks and on multiple occasions,” the Committee wrote.
A technical analysis by the Committee revealed that the threat actors exploited software and cloud services to conceal their activity in an attempt to steal sensitive data, a hallmark of state-sponsored tradecraft. “This is another example of China’s offensive cyber operations designed to steal American strategy and leverage it against Congress, the Administration, and the American people,” commented Moolenaar. “We will not be intimidated, and we will continue our work to keep America safe,” he added.
The Committee statement was published on September 8, 2025, a day after a report by The Wall Street Journal found that the FBI was investigating a bogus email from Moolenaar, which contained malware traced back to the Chinese-linked APT41 threat actor. The House Select Committee highlighted the email impersonations of Moolenaar as part of an “ongoing series” of highly targeted cyber-espionage campaigns it has concluded are linked to the CCP.
These have come amid trade talks between US President Trump’s administration and China. “These campaigns seek to compromise organizations and individuals involved in US–China trade policy and diplomacy, including US government agencies, US business organizations, DC law firms and think tanks, and at least one foreign government,” the Committee wrote.
These incidents follow a spear-phishing campaign that targeted four select committee staff members who were working on a confidential investigation into ZPMC, a leading Chinese state-owned enterprise and manufacturer, the House Committee on China noted. In this campaign, the attackers impersonated a ZPMC North America representative and used file-sharing deception to trick the staff into visiting a webpage designed to steal Microsoft 365 credentials. No malware was required in this campaign.
After gaining access to target systems, the attackers exploited developer tools to create hidden pathways and then secretly siphoned data straight to their own servers. “We provided this information to the FBI and the US Capitol Police, and the Committee will continue to share indicators with federal partners and impacted organizations and will support any necessary defensive or investigative actions,” the Committee added.
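Both campaigns described above rely on the same lure: a message whose display name is a trusted person or organization while the actual sender address belongs to an unrelated domain. The following added example, which is not code from the article or from the Committee, shows one simple mail-gateway check a defender can run over the parsed From header to surface that mismatch. The protected-identity directory and every domain in it are constructed placeholders for this example, not values reported in the article.

```python
"""Flag inbound mail whose display name matches a protected identity
but whose sender address falls outside that identity's legitimate domains.
Added example; the identities and domains below are constructed placeholders."""
from email.utils import parseaddr
import re
import unicodedata

# Constructed directory: names an organization wants to protect from
# display-name spoofing, mapped to the domains they legitimately send from.
# The domains are placeholders chosen for this example, not real values.
PROTECTED_IDENTITIES = {
    "john moolenaar": {"house.gov"},
    "zpmc north america": {"zpmc-na.example"},
}


def normalize(text: str) -> str:
    """Fold Unicode, case and punctuation so 'Rep. MOOLENAAR, John' compares cleanly."""
    text = unicodedata.normalize("NFKC", text).casefold()
    return " ".join(re.findall(r"[a-z0-9]+", text))


def domain_allowed(address: str, allowed: set) -> bool:
    """True if the address's domain is an allowed domain or a subdomain of one."""
    if "@" not in address:
        return False
    domain = address.rsplit("@", 1)[1].casefold().rstrip(".")
    return any(domain == d or domain.endswith("." + d) for d in allowed)


def check_sender(from_header: str) -> dict:
    """Return a verdict for one raw From header.

    A header is an impersonation when every token of a protected name appears
    in the display name but the sender domain is not on that identity's list.
    """
    display, address = parseaddr(from_header)
    tokens = set(normalize(display).split())
    for name, allowed in PROTECTED_IDENTITIES.items():
        if set(name.split()) <= tokens:
            return {
                "protected_identity": name,
                "address": address,
                "impersonation": not domain_allowed(address, allowed),
            }
    return {"protected_identity": None, "address": address, "impersonation": False}


def scan(headers: list) -> list:
    """Return only the headers that look like display-name impersonation."""
    return [h for h in headers if check_sender(h)["impersonation"]]


if __name__ == "__main__":
    # Constructed sample headers, not messages from the reported campaign.
    SAMPLES = [
        "John Moolenaar <jmoolenaar@mail.house.gov>",
        "Rep. John Moolenaar <john.moolenaar@gmail-mail.example>",
        '"MOOLENAAR, John" <JMoolenaar@HOUSE.GOV>',
        "ZPMC North America <contact@zpmc-na-docs.example>",
        "Jane Doe <jane@example.org>",
    ]
    for flagged in scan(SAMPLES):
        print("possible impersonation:", flagged)
```

The check deliberately compares on tokens rather than exact strings so that honorifics, reordered names and case changes still match, and it treats subdomains of a legitimate domain as legitimate. It does not catch a display name that carries only a surname, nor a lookalike that lives purely in the local part of the address; those need additional rules, and any hit should be correlated with SPF/DKIM/DMARC results and the link or attachment analysis the gateway already performs.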
This article is shared with permission at no charge for educational and informational purposes only.
Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization. We provide indicators of compromise information via a Notification and a Tier I Mitigation service (RedXray) or an Analysis service (CTAC). For questions, comments, or assistance, please contact the office directly at 1-844-492-7225 or feedback@redskyalliance.com
- Reporting: https://www.redskyalliance.org/
- Website: https://www.redskyalliance.com/
- LinkedIn: https://www.linkedin.com/company/64265941
[1] https://www.infosecurity-magazine.com/news/chinese-espionage-impersonates-us/