As evidence has emerged that Chinese hackers attempted to distribute spyware targeting trade-related organizations and agencies by impersonating a U.S. Congressman, the FBI has launched an investigation. The attack, which occurred amid ongoing U.S.-China trade negotiations, is expected to have wide repercussions.
According to the Wall Street Journal (WSJ) and Bloomberg on the 7th (local time), hackers sent emails disguised as coming from Congressman John Moolenaar (Republican-Michigan), the chair of the House China Committee, to various trade organizations, law firms, and government agencies. The emails included a request to review a draft of a Chinese sanctions bill, and it is reported that opening the email could allow spyware to be installed.
Cybersecurity experts suspect that this attack is the work of the hacking group 'APT41,' which is known to be linked to the Ministry of State Security of China. This group has previously been indicted for stealing trade secrets, data breaches, and embezzling funds from video games.
The FBI and Capitol Police are investigating the incident. The FBI stated that it is "working with partner agencies to track down those responsible," but has not disclosed specific details. Congressman Moolenaar noted, "This is another example of China attempting to steal and exploit U.S. strategies," adding, "We will not be intimidated."
China has denied the allegations from the U.S. The Chinese Embassy in Washington stated, "China opposes cyber attacks" and added, "We also oppose the slandering of other countries without solid evidence."
The attack occurred just before U.S.-China trade negotiations that were scheduled to take place in Sweden in July last year. Although the U.S. and China later agreed to extend a tariff ceasefire, there are analyses that information warfare continued during the negotiation process.
Cybersecurity company Mandiant, which investigated the incident, stated, "If the recipient had opened the attached bill, the hackers could have penetrated deeply into the organization's internal systems." Whether there was a real breach has not been confirmed.
Recent cyber attacks impersonating senior U.S. officials have been frequent. In July, the U.S. State Department warned that messages mimicking the voice of Secretary of State Marco Rubio, created using artificial intelligence (AI), were being sent to foreign officials. A separate investigation is ongoing into attempts to impersonate a senior White House advisor.
Congressman Moolenaar, who was targeted in the email attack, is regarded as a prominent hardliner. Earlier this year, he criticized, "The Chinese leadership sees the U.S. as an enemy that must be harmed." Experts believe that China's targeting of key congressional figures is intended to gain insights into U.S. strategies toward China.