In July 2025, just before key trade talks between the United States and China in Sweden, a suspicious email began making the rounds. The email appeared to come from Representative John Moolenaar, who chairs the House committee on U.S.–China competition. It asked recipients to review a draft of legislation, but the attachment was actually malware.
Cyber experts investigating the email discovered it was linked to APT41, a Chinese state-backed hacking group. This group has been active for years and is known for combining espionage with cybercrime. The malware could have given hackers access to confidential systems and trade-related strategies.
The phishing email was not limited to a single target. It reached trade groups, law firms, think tanks, U.S. government offices, and even one foreign government. This wide reach showed that the attackers were trying to get as much insider information as possible before the negotiations.
U.S. security agencies quickly stepped in after the discovery. The FBI confirmed that it was investigating the attack along with other partners. The U.S. Capitol Police also became involved, though they did not share further details about the case.
At this point, investigators are unsure whether any of the targeted organizations actually opened the infected file. There is no confirmed evidence yet that sensitive information was stolen. Even so, the timing of the attack raised alarms about China’s interest in U.S. trade strategies.
Representative Moolenaar strongly condemned the attack and accused China of using cyber operations to undermine American policy. He stated that the U.S. would not allow intimidation or espionage to influence its national strategy. His words reflected growing frustration in Washington over repeated cyber incidents.
China, on the other hand, denied involvement in the attack. The Chinese embassy in Washington said it was not aware of the case and urged the U.S. not to make accusations without evidence. It also pointed out that cyber threats are a global issue faced by all nations.
The House Select Committee on China also issued a warning about the situation. The committee said that the phishing campaign was part of an ongoing effort by Chinese-linked groups to spy on U.S. policymakers and trade officials. They urged organizations involved in trade matters to be extra cautious.
Experts believe the hackers carefully planned the timing of the attack. Sending malware-filled emails right before major trade talks suggested they were aiming to gain insider knowledge to benefit Beijing in negotiations. This shows how espionage and diplomacy are increasingly tied together in the digital era.
While it is still unclear if any data was stolen, the incident highlights the growing importance of cybersecurity in protecting national interests. As global negotiations take place, protecting sensitive information from foreign hackers has become as critical as the talks themselves.
Stay alert, and keep your security measures updated!



