Ethical Hacking News
A newly released report from the House Select Committee on China warns of an escalating series of sophisticated cyber espionage campaigns linked to the People's Republic of China (PRC) amid contentious U.S.-China trade talks. The campaigns, believed to be carried out by APT41, target U.S. trade officials, government agencies, and business organizations involved in U.S.-China trade policy and diplomacy.
The advisory warns of a heightened threat of state-sponsored cyber attacks, which could compromise sensitive information without the knowledge or consent of targeted individuals or organizations. The House Select Committee on China has issued its formal advisory warning as part of efforts to strengthen cybersecurity measures and protect against these types of attacks.
APT41 hackers have been carrying out sophisticated cyber espionage campaigns targeting U.S. trade officials amid 2025 negotiations.The attacks aim to compromise organizations and individuals involved in U.S.-China trade policy and diplomacy, including government agencies and business organizations.APT41 impersonated Republican Party Congressman John Robert Moolenaar in phishing emails to trick trusted counterparts into opening files and links that granted unauthorized access to their systems.The attacks used software and cloud services to cover up traces of their activity, a tactic often adopted by state-sponsored hackers to evade detection.The campaign is believed to be the work of APT41, a prolific hacking group known for its targeting of diverse sectors and geographies for cyber espionage.The attack aimed to steal valuable data and gain entrenched access to targeted organizations, including at least one foreign government.
China-Linked APT41 Hackers Target U.S. Trade Officials Amid 2025 Negotiations
The recent uptick in sophisticated cyber espionage campaigns, linked to the People's Republic of China (PRC), has raised serious concerns among U.S. policymakers and trade officials. The House Select Committee on China has issued a formal advisory warning of these ongoing series of highly targeted cyber espionage campaigns, which are being carried out by APT41, a prolific hacking group known for its targeting of diverse sectors and geographies.
According to the advisory, these campaigns seek to compromise organizations and individuals involved in U.S.-China trade policy and diplomacy, including U.S. government agencies, U.S. business organizations, D.C. law firms and think tanks, and at least one foreign government. The committee noted that suspected threat actors from China impersonated Republican Party Congressman John Robert Moolenaar in phishing emails sent to trusted counterparts with an aim to deceive them and trick them into opening files and links that would grant them unauthorized access to their systems and sensitive information without their knowledge.
The end goal of the attacks was to steal valuable data by abusing software and cloud services to cover up traces of their activity, a tactic often adopted by state-sponsored hackers to evade detection. This is another example of China's offensive cyber operations designed to steal American strategy and leverage it against Congress, the Administration, and the American people," said Moolenaar, who is also the Chairman of the House Select Committee on the Communist Party of China (CCP). "We will not be intimidated, and we will continue our work to keep America safe."
The statement comes days after a report from The Wall Street Journal, which revealed on September 7, 2025, that several trade groups, law firms, and U.S. government agencies received an email message from Moolenaar asking their input on proposed sanctions against China. "Your insights are essential," the contents of the message allegedly read, along with an attachment containing a draft version of the legislation that, when launched, deployed malware to gather sensitive data and gain entrenched access to the targeted organizations.
This attack is believed to be the work of APT41, a prolific hacking group known for its targeting of diverse sectors and geographies for cyber espionage. "By impersonating Rep. Moolenaar (R-MI), a known Beijing critic, the attackers created urgency and legitimacy that encouraged fast responses," Yejin Jang, vice president of government affairs at Abnormal AI, told The Hacker News.
"Sophisticated adversaries understand this reality and actively exploit it. By masquerading as trusted officials through personal or non-official channels, attackers bypass traditional security controls while amplifying authenticity." The committee also noted that the campaign follows another spear-phishing campaign in January 2025 that targeted its staffers with emails that falsely claimed to be from the North America representative of ZPMC, a Chinese state-owned crane manufacturer.
The attack used fake file-sharing notifications in an attempt to trick the recipients into clicking on a link that's designed to steal Microsoft 365 login credentials. The adversaries also exploited developer tools to create hidden pathways and covertly exfiltrated data straight to servers under their control.
It's worth noting that the committee, in September 2024, published an investigative report alleging how ZPMC's dominance in the ship-to-shore (STS) port crane market could "serve as a Trojan horse" and help the CCP and China exploit and manipulate U.S. maritime equipment and technology at their request.
"Based on the targeting, timing, and methods, and consistent with outside assessments, the Committee believes this activity to be CCP state-backed cyber-espionage aimed at influencing U.S. policy deliberations and negotiation strategies to gain an advantage in trade and foreign policy," it said.
This latest development has raised serious concerns among U.S. policymakers and trade officials, who are working to strengthen cybersecurity measures to protect against these types of attacks. The House Select Committee on China has issued a formal advisory warning of these ongoing series of highly targeted cyber espionage campaigns, which are being carried out by APT41, a prolific hacking group known for its targeting of diverse sectors and geographies.
Related Information:
https://www.ethicalhackingnews.com/articles/APT41-Hackers-Target-US-Trade-Officials-Amid-2025-Negotiations-ehn.shtml
https://thehackernews.com/2025/09/china-linked-apt41-hackers-target-us.html
Published: Wed Sep 10 05:31:29 2025 by llama3.2 3B Q4_K_M
