Phishing email impersonating lawmaker from US-China Business Council; linked to China APT41 group cyberattack.
China’s APT41 Impersonates US Lawmaker in Spy Campaign

A China-linked cyberespionage group known as APT41 impersonated a U.S. lawmaker in phishing attacks targeting government agencies, think tanks, and academics focused on U.S.-China trade and policy. The campaign, observed by Proofpoint in July and August 2025, used economic-themed lures to collect intelligence during sensitive trade negotiations between the two nations.

APT41, also tracked as TA415, disguised itself as the Chair of the Select Committee on Strategic Competition with China and the US-China Business Council. In this operation, the emails impersonating the lawmaker directed recipients to download password-protected files from cloud services. These files deployed malware designed to establish persistent remote access via VS Code Remote Tunnels.
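As an added detection example (not from the article or from Proofpoint's research), the Python below triages constructed process-creation events for the persistence mechanism described above: the VS Code CLI started with its `tunnel` subcommand, rated higher when the tunnel is registered as a service or the binary runs from outside the expected install directories. The sample events and the expected-directory list are assumptions for illustration.

```python
import re

# Constructed process-creation events for illustration; not telemetry from the reported campaign.
SAMPLE_EVENTS = [
    {"host": "ws-01", "image": r"C:\Users\a\AppData\Local\Programs\Microsoft VS Code\Code.exe",
     "cmdline": "Code.exe --unity-launch"},
    {"host": "ws-02", "image": r"C:\Users\b\Downloads\code.exe",
     "cmdline": "code.exe tunnel --accept-server-license-terms --name ws-02"},
    {"host": "ws-03", "image": r"C:\ProgramData\vsc\code.exe",
     "cmdline": "code.exe tunnel service install --accept-server-license-terms"},
    {"host": "ws-04", "image": r"C:\Program Files\Microsoft VS Code\bin\code.exe",
     "cmdline": "code.exe tunnel --name dev-box"},
]

# Directories where a managed VS Code install is expected (assumption; adjust per environment).
EXPECTED_DIRS = (r"c:\program files\microsoft vs code",
                 r"\appdata\local\programs\microsoft vs code")

TUNNEL_RE = re.compile(r"(?:^|\s)tunnel(?:\s|$)", re.IGNORECASE)
SERVICE_INSTALL_RE = re.compile(r"\btunnel\s+service\s+install\b", re.IGNORECASE)


def score_event(ev):
    """Return (severity, reasons) for one event, or None when it is not a tunnel launch."""
    image = ev["image"].lower()
    name = image.replace("/", "\\").rsplit("\\", 1)[-1]
    if name not in ("code.exe", "code"):
        return None
    cmd = ev["cmdline"]
    if not TUNNEL_RE.search(cmd):
        return None
    reasons = ["VS Code CLI invoked with the 'tunnel' subcommand"]
    severity = "medium"
    if SERVICE_INSTALL_RE.search(cmd):
        reasons.append("tunnel registered as a service, so it survives reboot")
        severity = "high"
    if "--accept-server-license-terms" in cmd.lower():
        reasons.append("license prompt suppressed: unattended or scripted setup")
    if not any(d in image for d in EXPECTED_DIRS):
        reasons.append("binary outside expected install directories: " + ev["image"])
        severity = "high"
    return severity, reasons


def scan(events):
    """Map host -> (severity, reasons) for every event that looks like a tunnel launch."""
    findings = {}
    for ev in events:
        hit = score_event(ev)
        if hit:
            findings[ev["host"]] = hit
    return findings
```

Pairing these process hits with DNS or proxy logs for the Microsoft dev-tunnel service domains gives a second, network-side signal; a developer who legitimately uses tunnels (ws-04 above) should stay at medium, not be auto-blocked.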

Researchers linked the activity to TA415 through infrastructure overlap and tactics consistent with Chinese state interests. The group operates from Chengdu under the name Chengdu 404 Network Technology, with ties to other contractors and China’s Ministry of State Security.

China-linked APT41 targets government, think tanks, and academics tied to US-China trade and policy
