Chinese Group Accused of Using Fake U.S. Rep. Email to Spy on Trade Talks
A threat group linked to China’s intelligence operations reportedly sent an email containing malware and impersonating a GOP Congressman to federal agencies, trade groups, and law firms in hopes of collecting information about trade talks between the United States and China earlier this year.
The Wall Street Journal reported over the weekend that the emails, which were sent in July as the two countries were gearing up for trade negotiations in Sweden, appeared to come from Representative John Moolenaar (R-MI), who has been in office since 2015 and is a harsh critic of the Chinese government.
Moolenaar is chairman of the House Select Committee on the Strategic Competition Between the United States and the Chinese Communist Party.
According to the Journal, the email included what was said to be an attached draft of legislation aimed at issuing sanctions against China, and urged the recipients to review the draft, saying that their “insights are essential.” The attached draft contained spyware that could give the hackers access to information on the recipients’ systems and allow them to monitor the trade talks.
The news organization said it was unclear if any of the emails in the campaign succeeded. Staff members in Moolenaar’s office became suspicious when they received inquiries via email, the WSJ reported.
The representative reportedly told the news organization that the bogus email was another instance of China using cyber operations to steal information about U.S. strategy, adding that “we will not be intimidated.”
China Denial
Government officials in Beijing denied the allegations, issuing a statement that said the country “firmly opposes and combats all forms of cyber attacks and cyber crime.” It warned the U.S. about “smearing others without solid evidence.”
Moolenaar has targeted China and its activities for several years. Most recently, the representative in June – after two Chinese nationals were arrested for allegedly trying to smuggle a dangerous plant disease into the United States – accused the Chinese Communist Party of “planning to experiment on a plant disease that would devastate Michigan agriculture and the food supply our nation depends on.”
FBI on the Case
The FBI reportedly is investigating the fraudulent email case, which has been attributed to the threat group APT41, one of a large number of state-sponsored espionage groups supported by China’s intelligence-gathering organizations that target the United States and other countries. APT41 has been active for more than a decade as a financially motivated group that also works as a contractor for the Chinese government and its espionage operations.
Such hacker-for-hire situations are common practice for China’s intelligence agencies, the U.S. Justice Department said earlier this year.
A Prolific, Adaptable Threat
The group, which is also known as Double Dragon, Wicked Panda, and Barium, made headlines in 2022 when the Secret Service said it had stolen at least $20 million in U.S. Covid relief money from such programs as the Paycheck Protection Program (PPP), Small Business Administration loans, and unemployment insurance funds.
In 2019 and 2020, five Chinese nationals who prosecutors said were members of APT41 and two Malaysian business owners who allegedly conspired with them were charged by the U.S. Justice Department (DOJ) in connection with a campaign in which they were accused of breaking into the computer systems of more than 100 companies in the United States and elsewhere and stealing a broad array of data, including source code, software code signing certificates, customer account data, and business information.
The victims ranged from software companies and hardware manufacturers to telecom, social media, and video game companies. Also included were non-profit organizations, universities, think tanks, foreign governments, and pro-democracy politicians and activists in Hong Kong, according to the DOJ.

