US lawmakers have accused the Chinese government of being behind a cyber espionage campaign that impersonated a prominent Congressman.
The House Select Committee on Strategic Competition between the US and the Chinese Communist Party (CCP) said that CCP-affiliated actors impersonated its Chairman, Representative John Moolenaar (R-MI), in emails to “trusted counterparts” to try to trick them into opening malicious files and links.
These files and links were designed to grant the attackers access to victim systems, in order to obtain information during ongoing, high-level US-China trade engagements.
Such information would then be used to attempt to influence US policy deliberations and negotiation strategies to gain an advantage in trade and foreign policy.
Moolenaar was impersonated in emails “in recent weeks and on multiple occasions,” the Committee wrote.
A technical analysis by the Committee found that the threat actors abused software and cloud services to hide their activity in attempts to steal sensitive data, a hallmark of state-sponsored tradecraft.
“This is another example of China’s offensive cyber operations designed to steal American strategy and leverage it against Congress, the Administration, and the American people,” commented Moolenaar.
“We will not be intimidated, and we will continue our work to keep America safe,” he added.
The Committee statement was published on September 8, a day after a report by the Wall Street Journal found that the FBI was investigating a bogus email from Moolenaar, which contained malware traced back to the Chinese-linked APT41 threat actor.
Chinese Campaigns Designed to Influence Trade Talks
The House Select Committee highlighted the email impersonations of Moolenaar as part of an “ongoing series” of highly targeted cyber-espionage campaigns it has concluded are linked to the CCP.
These have come amid trade talks between US President Trump’s administration and China.
“These campaigns seek to compromise organizations and individuals involved in US–China trade policy and diplomacy, including US government agencies, US business organizations, D.C. law firms and think tanks, and at least one foreign government,” the Committee wrote.
These incidents follow a spear-phishing campaign that targeted four select committee staff members who were working on a confidential investigation into ZPMC, a leading Chinese state-owned enterprise and manufacturer, the House Committee on China noted.
In this campaign, the attackers impersonated a ZPMC North America representative and used file-sharing deception in an attempt to trick the staffers into visiting a webpage designed to steal Microsoft 365 credentials. No malware was required in this campaign.
After gaining access to target systems, the attackers exploited developer tools to create hidden pathways and then secretly siphoned data straight to their own servers.
“We provided this information to the FBI and the US Capitol Police, and the Committee will continue to share indicators with federal partners and impacted organizations and will support any necessary defensive or investigative actions,” the Committee added.