
U.S. Authorities Investigating Malicious Email Targeting Trade Talks with China

U.S. federal authorities have launched an investigation into a sophisticated malware campaign that targeted sensitive trade negotiations between Washington and Beijing.

The attack, which surfaced in July 2025, involved fraudulent emails purportedly sent by Representative John Moolenaar, chairman of the House Select Committee on Strategic Competition between the United States and the Chinese Communist Party.

The malicious campaign specifically targeted U.S. trade groups, law firms, and government agencies with weaponized emails designed to harvest intelligence on America’s trade strategy with China.

The timing of the attack proved particularly strategic, occurring just before crucial U.S.-China trade talks in Sweden that ultimately led to an extension of the tariff truce until early November, when President Donald Trump and Chinese leader Xi Jinping were scheduled to meet at an Asian economic summit.

Cybersecurity experts traced the malware back to APT41, a notorious hacker group with established ties to Chinese intelligence operations.

Reuters analysts identified the attack as part of a broader pattern of Beijing-linked cyber espionage campaigns aimed at gaining insights into White House recommendations for contentious trade negotiations.

The sophisticated nature of the operation suggests state-sponsored backing and advanced persistent threat capabilities.

The fraudulent emails employed social engineering tactics, containing subject lines such as “Your insights are essential” and requesting recipients to review what appeared to be legitimate proposed legislation.

However, opening the attached draft legislation would have triggered the malware deployment, potentially granting the attackers extensive access to targeted organizational networks and sensitive communications.

Advanced Persistence and Evasion Mechanisms

The malware campaign demonstrated sophisticated infection mechanisms designed to establish persistent access while evading detection systems.

The attack vector relied on malicious document attachments that likely contained embedded macros or exploited zero-day vulnerabilities in common office applications.

Upon execution, the malware would have established command and control communications, enabling remote access to compromised systems.

The perpetrators employed advanced spoofing techniques to impersonate Representative Moolenaar’s official correspondence, likely harvesting legitimate email signatures and formatting to enhance authenticity.

This approach demonstrates the attackers’ thorough reconnaissance capabilities and their understanding of U.S. political structures and communication patterns.
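As an added defensive example, not taken from the article or from any agency involved, the following Python routine triages a raw message for the spoofing and lure indicators the description above mentions: an official-looking display name on an untrusted sender domain, a Return-Path domain that differs from the visible From domain, failing SPF/DMARC results, lure phrasing such as "Your insights are essential" or "draft legislation", and a macro-enabled attachment. The sample message, all placeholder domains, the house.gov trusted-domain set and the two-indicator escalation threshold are assumptions made for the example.

```python
import email
from email import policy
from email.utils import parseaddr

# Constructed sample (not from the article): an official-looking display name on a
# look-alike domain, failing sender authentication, and a macro-enabled "draft legislation"
# attachment. Every domain here is a placeholder.
SAMPLE_EML = b"""\
From: "Rep. John Moolenaar" <chairman@example-lookalike.test>
Return-Path: <bounce@example-bulkmailer.test>
Subject: Your insights are essential
Authentication-Results: mx.example-lawfirm.test; spf=fail; dkim=none; dmarc=fail
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Please review the attached draft legislation before the hearing.
--b1
Content-Type: application/octet-stream; name="draft_legislation.docm"
Content-Disposition: attachment; filename="draft_legislation.docm"

(placeholder attachment bytes)
--b1--
"""

TRUSTED_SENDER_DOMAINS = {"house.gov"}   # assumption: where genuine House mail originates
MACRO_EXTENSIONS = (".docm", ".xlsm", ".pptm", ".dotm")
LURE_PHRASES = ("your insights are essential", "draft legislation")

def triage(raw: bytes) -> dict:
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    name, addr = parseaddr(str(msg["From"] or ""))
    from_domain = addr.rsplit("@", 1)[-1].lower()
    _, bounce = parseaddr(str(msg["Return-Path"] or ""))
    # Envelope sender on a different domain than the visible From is a classic spoofing tell.
    if bounce and bounce.rsplit("@", 1)[-1].lower() != from_domain:
        findings.append("Return-Path domain differs from From domain")
    if any(t in name.lower() for t in ("rep.", "representative", "chairman")) and from_domain not in TRUSTED_SENDER_DOMAINS:
        findings.append("official title in display name but untrusted sender domain")
    if any(t in str(msg["Authentication-Results"] or "").lower() for t in ("spf=fail", "dmarc=fail")):
        findings.append("SPF/DMARC authentication failed")
    body = msg.get_body(preferencelist=("plain",))
    text = (str(msg["Subject"] or "") + " " + (body.get_content() if body else "")).lower()
    findings += [f"lure phrase: {p}" for p in LURE_PHRASES if p in text]
    for part in msg.iter_attachments():
        fname = part.get_filename() or ""
        if fname.lower().endswith(MACRO_EXTENSIONS):
            findings.append(f"macro-enabled attachment: {fname}")
    # Two or more independent indicators is the (assumed) threshold for escalation.
    return {"findings": findings, "verdict": "suspicious" if len(findings) >= 2 else "clean"}
```

Run `triage(SAMPLE_EML)` to see all six indicators fire on the constructed lure; a plain internal message with none of them returns a "clean" verdict.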

Detection of the campaign occurred when Moolenaar’s committee staff began receiving inquiries about emails they had never sent, triggering an internal investigation.

The U.S. Capitol Police and FBI have since launched formal investigations, though authorities declined to comment on specific details of the ongoing probe.

China’s embassy in Washington denied involvement, stating they “firmly oppose and combat all forms of cyber attacks and cyber crime” while calling for evidence-based accusations rather than unfounded claims.


Tushar Subhra Dutta

Tushar is a senior cybersecurity and breach reporter. He specializes in covering cybersecurity news, trends, and emerging threats, data breaches, and malware attacks. With years of experience, he brings clarity and depth to complex security topics.
