The House Select Committee on China has reported a series of cyber-espionage campaigns that it attributes to the Chinese Communist Party. According to the committee, these operations have targeted organizations and individuals involved in U.S.–China trade policy and diplomacy. The targets include U.S. government agencies, business groups, law firms in Washington D.C., think tanks, and at least one foreign government.
Committee officials stated that in recent weeks, suspected Chinese cyber-attackers impersonated Chairman John Moolenaar through email messages sent to trusted contacts. These emails attempted to trick recipients into opening files or links that would give attackers access to sensitive systems and information during ongoing high-level U.S.–China trade discussions. Technical analysis by the committee found that the perpetrators used software and cloud services to hide their activities while attempting to steal data.
"This is another example of China’s offensive cyber operations designed to steal American strategy and leverage it against Congress, the Administration, and the American people," said Chairman Moolenaar. "We will not be intimidated, and we will continue our work to keep America safe.”
The committee noted that these incidents are similar to a spear-phishing campaign from January 2025 targeting four staff members working on a confidential investigation into ZPMC, a major Chinese state-owned manufacturer. In this case, attackers posed as a ZPMC North America representative using file-sharing deception intended to obtain Microsoft 365 credentials without using malware.
Based on their review of timing, methods, and targets—as well as outside assessments—the committee believes these actions represent state-backed cyber-espionage efforts by the CCP aimed at influencing U.S. policy decisions and negotiation strategies for an advantage in trade and foreign relations. The analysis revealed that attackers exploited developer tools to create hidden channels for transferring stolen data directly to their own servers.
The committee has shared its findings with the FBI and U.S. Capitol Police. It also plans continued collaboration with federal partners and affected organizations for defensive measures or investigations as needed.
