A cyberespionage operation believed to be tied to China quietly targeted diplomats and government-linked officials during the holiday season.
The ploy used fake U.S. policy documents to lure victims into opening malicious files, according to new findings from cybersecurity firm Dream Security.
Dream CEO Shalev Hulio told Axios that the effort appears to have been widespread.
"A lot of people" were infected, Hulio said. "We just don't know who and how big [of a] scale."
Researchers at the Israel-based cybersecurity company said the campaign focused on people involved in diplomacy, elections, and international cooperation across multiple countries.
From late December through mid-January, hackers distributed emails containing attachments disguised as official U.S. diplomatic briefings or internal policy summaries.
Unlike many cyberattacks, the operation did not depend on exploiting a software flaw. Opening the file alone was enough to compromise a device.
Once activated, the malware collected information from the system and was designed to keep long-term access to the infected machine, according to Dream.
Dream attributed the campaign to Mustang Panda, a China-linked cyberespionage group with a history of using phishing emails to penetrate government networks and steal sensitive information in the U.S. and abroad.
The activity was first flagged by one of Dream’s artificial intelligence agents — a development Hulio described as the first documented instance of an AI system independently identifying an active China-linked espionage campaign.
"The Chinese are the most sophisticated attackers in the world," Hulio said. "They know how to hide. ... They know how to run under the radar.
"It's very, very difficult to catch them."
Security experts said the case highlights how artificial intelligence is reshaping cyber conflict.
While advanced tools can be used by hostile actors to sharpen attacks and scale operations, they are also becoming critical for early detection — potentially allowing governments to spot foreign espionage efforts before victims are even aware they are being targeted.
Nicole Weatherholtz ✉
Nicole Weatherholtz, a Newsmax general assignment reporter covers news, politics, and culture. She is a National Newspaper Association award-winning journalist.
© 2026 Newsmax. All rights reserved.