US House Select Committee warns of ongoing PRC cyber-espionage targeting trade policy stakeholders

Written by on September 9, 2025


The U.S. House Select Committee on China has warned of sophisticated cyber-espionage campaigns linked to the Chinese Communist Party. These operations are targeting U.S.–China trade and diplomacy networks, including government agencies, law firms, think tanks, business organizations, and at least one foreign government. The targeting of these stakeholders highlights the strategic stakes of economic diplomacy. At the same time, the resurgence of groups like Volt Typhoon underscores the persistent threat to critical infrastructure and sensitive data.

In one striking example, hackers impersonated Rep. John Moolenaar, chairman of the House committee on U.S.–China competition, sending spyware-laden emails to trade groups and government offices in the lead-up to high-stakes trade talks in Sweden. The operation has been attributed to APT41, a group tied to China’s Ministry of State Security, highlighting the precision and political focus of these attacks. 

These suspected Chinese cyber-attackers impersonated Chairman Moolenaar in emails to trusted counterparts, attempting to deceive recipients into opening files and links that would, unbeknownst to the victims, grant the cyber-attackers access to their systems and information during ongoing, high-level U.S.–China trade engagements. Technical analysis by the Committee confirms that the perpetrators abused software and cloud services to hide their activity in attempts to steal sensitive data, a hallmark of state-sponsored tradecraft.

Meanwhile, the massive ‘Salt Typhoon’ campaign reportedly targeted global telecommunications networks across more than 80 countries, potentially compromising sensitive data belonging to high-profile Americans. Adding to the concern, the Chinese-affiliated threat group Volt Typhoon has rebuilt its botnet after a partial disruption by the FBI earlier this year, signaling the persistence and adaptability of state-linked cyber actors.

“This is another example of China’s offensive cyber operations designed to steal American strategy and leverage it against Congress, the Administration, and the American people,” Chairman Moolenaar said in a Monday statement. “We will not be intimidated, and we will continue our work to keep America safe.”

These incidents follow a January 2025 spear-phishing campaign that targeted four Select Committee staff members who were working on a confidential investigation into ZPMC, a Chinese state-owned enterprise and manufacturer. The cyber-attackers posed as a ZPMC North America representative and used a file-sharing deception in an attempt to trick the staffers into going to a webpage designed to steal Microsoft 365 credentials, with no malware required. 

Based on the targeting, timing, and methods, and consistent with outside assessments, the House Select Committee believes this activity to be CCP state-backed cyber-espionage aimed at influencing U.S. policy deliberations and negotiation strategies to gain an advantage in trade and foreign policy. 

“Our analysis shows cyber-attackers exploited developer tools to create hidden pathways and then secretly siphoned data straight to their own servers,” the House Select Committee statement added. “We provided this information to the FBI and the U.S. Capitol Police, and the Committee will continue to share indicators with federal partners and impacted organizations and will support any necessary defensive or investigative actions.”

Recently, global cybersecurity agencies issued a joint advisory outlining ongoing malicious activity by state-sponsored APT (advanced persistent threat) actors from the People’s Republic of China. The advisory warns of a deliberate and sustained campaign by these actors to gain long-term access to global critical infrastructure networks. The agencies strongly urge network defenders to hunt for malicious activity and apply the mitigations in the advisory to reduce the threat of Chinese state-sponsored and other malicious cyber activity.
