As the Trump administration’s trade talks with China were set to begin in Sweden in July, staffers on the House committee focused on US competition with China began to get puzzling inquiries.
Several trade groups, law firms and US government agencies had all received an email appearing to be from the committee’s chairman, Rep. John Moolenaar, asking for input on proposed sanctions with which the legislators were planning to target Beijing.
“Your insights are essential,” the email read, asking the groups to review a draft of the legislation attached to the message. But why had the chairman sent the message from a nongovernment address?
It turned out to be the latest in a series of alleged cyber espionage campaigns linked to Beijing, timed to potentially deploy spyware against organizations giving input on Trump’s trade negotiations.
The FBI and the Capitol Police are investigating the Moolenaar emails, and cyber analysts traced the embedded malware to a hacker group known as APT41 — believed to be a contractor for the Ministry of State Security.
US and Chinese officials met in late July in Stockholm — just days after the first email was sent — to pursue the type of high-stakes negotiations in which spies in both countries were likely eager to obtain an advantage. The two countries soon after agreed to extend a tariff truce until early November, when Trump and Xi could meet at an Asian economic summit.
The hacking campaign appeared to be aimed at giving Chinese officials an inside look at the recommendations Trump was receiving from outside groups. It couldn’t be determined whether the attackers had successfully breached any of the targets.
In a statement, Moolenaar said the effort was another example of China’s offensive cyber operations designed to steal American strategy and leverage it. “We will not be intimidated,” he said.
The FBI revealed last month that a Beijing-linked espionage campaign that hit US telecom companies and swept up Trump’s phone calls actually targeted more than 80 countries and reached across the globe.
China’s potential use of Moolenaar as a lure was particularly galling for the committee staffers given that the lawmaker has been a harsh critic of Beijing. China’s leadership “approaches the United States as an enemy to be harmed rather than as a partner,” he said in January.
The spyware would allow the hackers to burrow deep into the targeted organizations if any of the recipients had opened the purported draft legislation.
Another impersonation-based hacking attempt also targeted the China committee. In January, staffers on the committee received emails falsely claiming to be from the CEO of Chinese crane manufacturer ZPMC. Last year, Moolenaar’s committee published a 50-page report alleging that Beijing could remotely seize control of ZPMC cranes at US ports, allowing it to spy on American trade flow or disrupt the movement of goods.
The hacking group linked to the Moolenaar emails is known by the FBI as one of China’s most prolific, pulling off a wave of attacks against Washington. It has also allegedly kept up a lucrative side job of crime. In 2020, authorities charged alleged members of the group with stealing digital videogame money as it scooped up trade secrets and user data for Beijing.
https://wsj.com/politics/national-security/china-trade-talks-spy-5c4801ca…