Committee Statement on Ongoing PRC Cyber-Espionage Targeting U.S. Trade Policy Stakeholders

WASHINGTON, D.C. — The House Select Committee on China is alerting the public to an ongoing series of highly targeted cyber-espionage campaigns that we have concluded are linked to the Chinese Communist Party. These campaigns seek to compromise organizations and individuals involved in U.S.–China trade policy and diplomacy, including U.S. government agencies, U.S. business organizations, D.C. law firms and think tanks, and at least one foreign government.
In recent weeks and on multiple occasions, suspected Chinese cyber-attackers impersonated Chairman John Moolenaar in emails to trusted counterparts, attempting to deceive recipients and get them to open files and links that would grant the cyber-attackers access to their systems and information during on-going, high-level U.S.–China trade engagements, unbeknownst to the victim. Highly skilled technical analysis by the Committee confirms that the perpetrators abused software and cloud services to hide their activity in attempts to steal sensitive data, a hallmark of state-sponsored tradecraft.
"This is another example of China’s offensive cyber operations designed to steal American strategy and leverage it against Congress, the Administration, and the American people," said Chairman Moolenaar. "We will not be intimidated, and we will continue our work to keep America safe.”
These incidents follow a January 2025 spear-phishing campaign that targeted four Select Committee staff members who were working on a confidential investigation into ZPMC, a leading Chinese state-owned enterprise and manufacturer. The cyber-attackers posed as a ZPMC North America representative and used a file-sharing deception in an attempt to trick the staffers to go to a webpage designed to steal Microsoft 365 credentials, with no malware required.
Based on the targeting, timing, and methods, and consistent with outside assessments, the Committee believes this activity to be CCP state-backed cyber-espionage aimed at influencing U.S. policy deliberations and negotiation strategies to gain an advantage in trade and foreign policy. Our analysis shows cyber-attackers exploited developer tools to create hidden pathways and then secretly siphoned data straight to their own servers.
We provided this information to the FBI and the U.S. Capitol Police, and the Committee will continue to share indicators with federal partners and impacted organizations and will support any necessary defensive or investigative actions.