Federal authorities announced Wednesday that they had seized 13 internet domains allegedly used in a scheme linked to Chinese intelligence efforts to recruit current and former U.S. government employees and military personnel with access to sensitive information.
The Department of Justice (DOJ) said the websites posed as consulting firms and sought to obtain classified or otherwise protected information from Americans through fraudulent job offers.
According to court documents, the operation began in November 2023 when conspirators created a network of fake consulting company websites advertising generic research and consulting positions.
The job postings specifically sought individuals with experience in government, military, foreign policy, and national security matters.
Authorities said the sites were designed to attract people with access to valuable government information while concealing the true identities of those behind the recruitment effort.
The DOJ said the websites and associated job postings appeared on employment platforms, including Upwork, Expertia AI, Hubstaff Talent, Wellfound, and Post Job Free.
Investigators alleged that the recruiters targeted current and former security clearance holders as well as other Americans who possessed access to classified or sensitive government information.
Positions advertised by the network included titles such as “Senior Analyst” and “International Affairs Consultant.”
The announcement came one week after the United States, Britain, and other members of the Five Eyes intelligence alliance warned that China was increasingly using online job platforms to identify and recruit individuals with access to government information.
Reuters reported that concerns about such tactics have been growing among Western intelligence agencies in recent years.
Federal investigators said the network used a variety of methods to conceal its true purpose and the identities of those behind it.
Court records allege recruiters operated under false names, created fabricated professional profiles, and relied on computer-generated images to support those identities.
Investigators also said communications frequently shifted to encrypted messaging services, while payment arrangements involved overseas accounts and digital currencies that made transactions more difficult to trace.
Authorities said applicants were asked to produce research and analysis on topics of interest to the recruiters, with some offered significant compensation for their work.
Investigators alleged that recruiters sought confidential and nonpublic information while presenting the assignments as legitimate consulting projects.
Assistant Attorney General for National Security John A. Eisenberg said the case demonstrates how foreign actors attempt to exploit Americans through seemingly legitimate online opportunities.
He warned that offers of easy money for vaguely defined consulting work should be treated with caution, particularly by individuals entrusted with access to sensitive government information.
U.S. Attorney Jeanine Ferris Pirro for the District of Columbia said the seizures were intended to stop efforts to exploit Americans with access to the nation’s most sensitive information.
Pirro said the websites were crafted to appear legitimate but were ultimately designed to deceive potential recruits and obtain protected information.
The FBI said Chinese intelligence services have increasingly used modern technology to support recruitment and espionage efforts.
FBI Counterintelligence and Espionage Division Assistant Director Roman Rozhavsky said investigators have observed Chinese intelligence services using artificial intelligence, professional networking platforms, and online payment systems to target Americans.
He said the seized domains illustrated the lengths to which Chinese intelligence services will go to recruit or coerce individuals into sharing sensitive information.
Special Agent in Charge Daniel Wierzbicki of the FBI’s Washington Field Office said the Chinese government has attempted to hide recruitment efforts behind fake companies and fraudulent job postings.
He said the domain seizures would prevent the websites from continuing to target Americans with access to sensitive information.
A spokesperson for the Chinese Embassy in Washington rejected the allegations, calling claims of a Chinese espionage threat “entirely fabricated” and accusing the United States of spreading false accusations.
The spokesperson said China strongly condemned the allegations.
Authorities identified the seized domains as Centrik Global Consulting, Rightinfo Consulting, Finnacle-Vesper Consulting, CYDF Consulting, Pulse Wave Global, Catalyst Global Solutions, Horizzen, GeoIndopacific, Global Peace Foundation–Indonesia, SafeSec Group, The TruthInfo, Vandercons, and Gulf Peace Foundation.
After the domains were taken offline, visitors attempting to access the websites were redirected to FBI notices stating that the pages had been disabled as part of a federal investigation.
The bureau said the action was intended to disrupt the alleged scheme and prevent additional contacts with potential targets.
The FBI said anyone with information about the websites is encouraged to contact the bureau through its public tip line.
