U.S. Authorities Investigating Malicious Email Targeting Trade Talks with China
U.S. federal authorities have opened an investigation into a malware campaign targeting trade negotiations between Washington and Beijing. The attack surfaced in July 2025 and involved fraudulent emails purporting to come from Representative John Moolenaar, chairman of the House Select Committee on the Strategic Competition Between the United States and the Chinese Communist Party.
The campaign targeted U.S. trade groups, law firms, and government agencies, using weaponized emails to gather intelligence on America’s trade strategy with China.
The attack’s timing was strategic, coinciding with U.S.-China trade talks in Sweden, which resulted in an extension of the tariff truce until early November, when President Donald Trump and Chinese leader Xi Jinping were scheduled to meet at an Asian economic summit.
Cybersecurity experts traced the malware to APT41, a hacker group with ties to Chinese intelligence. The sophisticated nature of the operation indicates state-sponsored backing and advanced persistent threat capabilities. The fraudulent emails used social engineering tactics, with subject lines like “Your insights are essential,” requesting recipients to review proposed legislation. Opening the attached draft would deploy malware, granting attackers access to networks and communications.
Advanced Persistence and Evasion Mechanisms
The campaign's infection chain was built to maintain persistent access while avoiding detection. The reported attack vector was a malicious document attachment, relying either on embedded macros or on a zero-day vulnerability in office applications. Once executed, the malware established command-and-control (C2) communications that gave the operators remote access to the compromised system.
The attackers used spoofing techniques to impersonate Representative Moolenaar's correspondence, lending the messages authenticity through legitimate-looking email signatures and formatting. The campaign was discovered when Moolenaar's committee staff received inquiries about emails they had never sent, prompting an internal investigation.
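The lure described above combines three detectable traits: a display name impersonating a known official, a sending domain that fails DMARC, and a macro-enabled Office attachment. The following triage function, an added example and not code from the article or any investigating agency, flags all three on a constructed sample message; the sender domain, the allow-listed domain and the protected name list are assumptions, not details from the campaign.

```python
import email
from email import policy

# Constructed sample modelled on the reported lure; the lookalike domain,
# recipient and attachment bytes are placeholders, not real campaign artifacts.
SAMPLE_EML = b"""\
From: "Rep. John Moolenaar" <office@lookalike-domain.test>
To: trade-desk@example.org
Subject: Your insights are essential
Authentication-Results: mx.example.org; dmarc=fail (p=reject) header.from=lookalike-domain.test
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Please review the attached draft legislation and share your insights.
--b1
Content-Type: application/vnd.ms-word.document.macroEnabled.12; name="draft.docm"
Content-Disposition: attachment; filename="draft.docm"
Content-Transfer-Encoding: base64

UEsDBA==
--b1--
"""

# Assumed policy data: names worth protecting and the only domains allowed to send as them.
PROTECTED_NAMES = {"moolenaar"}
ALLOWED_DOMAINS = {"mail.house.gov"}
MACRO_EXTENSIONS = (".docm", ".dotm", ".xlsm", ".xltm", ".pptm")


def triage(raw: bytes) -> list[str]:
    """Return a list of human-readable findings for one raw RFC 5322 message."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    sender = msg["From"].addresses[0]
    # 1. Display-name impersonation: protected name, but not from an allowed domain.
    if any(p in sender.display_name.lower() for p in PROTECTED_NAMES) \
            and sender.domain.lower() not in ALLOWED_DOMAINS:
        findings.append(f"impersonation: {sender.display_name!r} sent from {sender.domain}")
    # 2. Authentication: the receiving MX recorded a DMARC failure.
    if "dmarc=fail" in (msg["Authentication-Results"] or "").lower():
        findings.append("dmarc=fail")
    # 3. Payload: macro-enabled Office attachments are the reported infection vector.
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if name.endswith(MACRO_EXTENSIONS) or "macroenabled" in part.get_content_type():
            findings.append(f"macro-enabled attachment: {name or part.get_content_type()}")
    return findings
```

A message that trips all three checks is a strong candidate for quarantine and for the kind of out-of-band confirmation with the purported sender's office that exposed this campaign.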
The U.S. Capitol Police and FBI have launched formal investigations, while authorities have not disclosed specific details of the ongoing probe. China’s embassy in Washington denied involvement, stating their opposition to cyber attacks and calling for evidence-based accusations.