China Hackers Target Republican Email Addresses


Chinese hackers posing as Rep. John Moolenaar (R-MI) quietly mounted a precision spear-phishing campaign this summer, slipping a malware-seeded “legislation draft” into Washington’s bloodstream just as U.S.–China trade tensions were heating up. According to reporting shared with congressional offices, the blast went to staff on Moolenaar’s Select Committee on the Strategic Competition with the CCP, plus contacts across trade associations, law firms, and multiple federal agencies—exactly the universe that would be eager to peek at a sanctions bill and offer feedback.

Several recipients smelled something off—the sender wasn’t a .gov account—and escalated. Within hours, the FBI and U.S. Capitol Police cyber teams were on it. Forensic analysis traced the payload to APT41, the prolific Chinese outfit known by a rogues’ gallery of aliases (“Double Dragon,” “Wicked Panda,” “Bronze Atlas,” “Barium”). The crew has long been tied to China’s Ministry of State Security and is notorious for blending official espionage with side-hustle cybercrime, from raiding corporate IP to ripping off the video-game industry.

Here’s how this one worked. The email impersonated Moolenaar, attached what looked like a working copy of a sanctions proposal, and asked for “insights.” The document itself carried the infection; opening it would have launched the malware, giving the attackers a foothold to move laterally, exfiltrate correspondence, and potentially read sensitive deliberations about China policy. Investigators say the objective was straightforward: gain visibility into what advice the administration and Congress were getting from the D.C. policy ecosystem as trade actions were being hashed out.

Officials haven’t publicly confirmed whether any networks were fully compromised, but early indications suggest the damage was limited—both because the ruse was flagged quickly and because more Hill offices now treat any “urgent” attachment with suspicion, even when it looks like it came from a trusted name. That kind of basic cyber hygiene—checking the domain, hovering over links, quarantining unexpected files, and calling the purported sender—can be the difference between a scare and a breach.
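The checks described above (does the display name match the sending domain, is there a Reply-To pointing elsewhere, did the gateway's SPF/DKIM/DMARC verdicts fail, is the attachment the kind that executes when opened) can be scripted at the mail gateway or in a triage queue. The example below is added here and is not code from the article, the investigators, or any congressional office. The sender roster, the `.example` domains, the file names and the Authentication-Results values are constructed assumptions; a real deployment would load the roster from the office directory and act on the gateway's own authentication headers.

```python
"""Triage heuristics for a lawmaker-impersonation phish (added example).

Assumes a small roster mapping the display names of known officials to
the mail domains their messages must come from. All values are constructed.
"""
import email
from email import policy
from email.message import EmailMessage
from email.utils import parseaddr
from pathlib import PurePosixPath

# Hypothetical roster: who is allowed to send as whom.
KNOWN_SENDERS = {
    "john moolenaar": {"mail.house.gov", "house.gov"},
}

# Extensions that run code when "opened"; extend to taste.
RISKY_EXTENSIONS = {".docm", ".xlsm", ".pptm", ".exe", ".js", ".vbs",
                    ".hta", ".lnk", ".iso", ".img", ".scr"}


def _domain(addr: str) -> str:
    """Lower-cased domain part of an address ('' if there is none)."""
    return addr.rpartition("@")[2].lower()


def _allowed(domain: str, allowed: set) -> bool:
    """True if domain is one of the allowed domains or a subdomain of one."""
    return any(domain == a or domain.endswith("." + a) for a in allowed)


def triage(raw: str) -> dict:
    """Return verdict, sender verification state and findings for one message."""
    msg = email.message_from_string(raw, policy=policy.default)
    findings = []

    # 1. Display-name impersonation: the name claims an official, the domain does not.
    name, addr = parseaddr(msg.get("From", ""))
    from_domain = _domain(addr)
    claimed = [k for k in KNOWN_SENDERS if k in name.lower()]
    verified = False
    if claimed:
        allowed = KNOWN_SENDERS[claimed[0]]
        if _allowed(from_domain, allowed):
            verified = True
        else:
            findings.append(f"display name '{name}' but sender domain "
                            f"'{from_domain or '<none>'}' not in {sorted(allowed)}")

    # 2. Reply-To pointing elsewhere is the classic way to collect the "insights".
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    if reply_addr and _domain(reply_addr) != from_domain:
        findings.append(f"Reply-To domain '{_domain(reply_addr)}' differs from "
                        f"From domain '{from_domain}'")

    # 3. Honour the gateway's SPF/DKIM/DMARC results when it recorded them.
    auth = (msg.get("Authentication-Results") or "").lower()
    for check in ("spf", "dkim", "dmarc"):
        if f"{check}=fail" in auth:
            findings.append(f"{check} failed per Authentication-Results")

    # 4. Attachments: executable content is always flagged; anything from an
    #    unverified sender is held for the recipient to confirm out of band.
    for part in msg.iter_attachments():
        fname = part.get_filename() or ""
        ext = PurePosixPath(fname).suffix.lower()
        if ext in RISKY_EXTENSIONS:
            findings.append(f"attachment '{fname}' has executable-content extension {ext}")
        elif not verified:
            findings.append(f"attachment '{fname}' from unverified sender")

    return {"verdict": "quarantine" if findings else "deliver",
            "verified_sender": verified, "findings": findings}


def build_sample(from_hdr, reply_to, filename, body, auth=None) -> str:
    """Construct a sample message (constructed test data, not a real capture)."""
    m = EmailMessage()
    m["From"] = from_hdr
    m["To"] = "staff@example.house.gov"
    m["Subject"] = "Draft sanctions language - need your insights by Friday"
    if reply_to:
        m["Reply-To"] = reply_to
    if auth:
        m["Authentication-Results"] = auth
    m.set_content(body)
    m.add_attachment(b"constructed placeholder bytes", maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_string()


# Constructed lookalike: right name, wrong domain, macro-enabled "draft".
PHISH = build_sample('"Rep. John Moolenaar" <moolenaar.committee@draft-review.example>',
                     "review-desk@secure-inbox.example",
                     "Sanctions_Draft_v3.docm",
                     "Attached is a working draft of the sanctions proposal; "
                     "would value your insights before markup.",
                     auth="mx.example.house.gov; spf=fail smtp.mailfrom=draft-review.example; dmarc=fail")

# Constructed legitimate message from the allowed domain with a benign attachment.
LEGIT = build_sample('"Rep. John Moolenaar" <john.moolenaar@mail.house.gov>',
                     None, "hearing_schedule.pdf",
                     "Schedule for next week's hearing attached.",
                     auth="mx.example.house.gov; spf=pass; dkim=pass; dmarc=pass")

if __name__ == "__main__":
    for label, raw in (("phish", PHISH), ("legit", LEGIT)):
        result = triage(raw)
        print(label, result["verdict"], *result["findings"], sep="\n  ")
```

The roster lookup is deliberately a substring match on the display name so that "Rep. John Moolenaar", "John Moolenaar (Chair)" and similar variants all trigger the domain check; the cost is that a genuine message from the allowed domain is still only "verified" at the header level, which is why the article's advice to call the purported sender before opening an unexpected file stands regardless of what the script says.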

APT41’s fingerprints fit the moment. The group is infamous for an expansive toolset and patient social engineering: craft a message that looks normal, make it feel timely and important, and personalize it just enough that a busy staffer clicks first and thinks later. Masquerading as Moolenaar—one of the House’s most vocal China hawks—was a cynical but savvy choice. If you’re trying to spy on U.S. deliberations, there’s no better lure than a “draft” from the CCP committee chair.

Why the Hill? Because congressional inboxes are soft targets sitting atop valuable intel. Staffers correspond with lobbyists, outside experts, industry executives, and administration officials. A single successful phish can expose months of strategy emails, schedules, and attachments across multiple institutions. And when trade restrictions, export controls, or sanctions are on the table, Beijing’s interest isn’t abstract—it’s bottom-line national strategy.

There’s also a broader lesson. Washington’s political fights with China are playing out in parallel online campaigns where foreign services try to read our mail, shape narratives, and pre-position inside networks for future leverage. Today it’s a fake sanctions draft. Tomorrow it could be a forged committee memo, a doctored whistleblower tip, or a credential-harvesting site cloned to look like a House portal. The tactics evolve; the defense still starts with the same checklist: trust but verify, and preferably verify before you click.

For Moolenaar’s team, the incident underscores why his committee exists in the first place. Strategic competition isn’t just tariffs and hearings; it’s day-to-day resilience against a capable adversary who mixes espionage, influence ops, and brazen cyber intrusions. The good news this round is that plenty of targets did the right thing—ignored the bait, alerted security, and contained the threat. That’s not glamorous, but it’s exactly how you keep a headline about “fake Moolenaar emails” from turning into a months-long data-loss saga.

Expect copycats. APT41 and its look-alikes iterate quickly, and they will recycle successful themes. Expect, too, more impersonations of high-profile lawmakers, committee staff directors, and even journalists to lure policy hands into opening “embargoed” drafts. The counter is culture: relentless training, locked-down attachment policies, and a healthy dose of skepticism—especially when a surprise message arrives at exactly the right time with exactly the document you were hoping to see.

