A message arrives in your inbox. A recruiter with polished profile, reputable-looking company says you’re the perfect fit for a well-paid consulting role. All you need to do is write a few policy reports. It sounds too good to be true. That’s because it is.
This is not a thriller plot. It is the daily reality of a global espionage campaign that Western intelligence agencies are sounding the alarm about loudly and urgently.
An Operation at “Epic Scale”
MI5 Director Ken McCallum described the scale of China’s recruitment campaign as “epic,” warning that his agency detects “massive amounts of covert activity” by China week by week activity aimed not just at government or military secrets, but deep into private industry.
The number he put to it was staggering. Chinese agents had approached more than 20,000 people in the UK alone through sites like LinkedIn, attempting to recruit or extract sensitive information from workers across Britain’s tech sector.
And the UK is just one country. The pattern is global, methodical, and growing more sophisticated by the year.
The Playbook: Fake Firms, Flattering Messages, and Easy Money
According to intelligence advisories, operatives use professional networking platforms such as LinkedIn, Indeed, and Upwork to pose as recruiters, consultants, or human resources staff working for legitimate-looking firms.
The approach is deceptively simple. Intelligence operatives pose as private consultancies, think tanks, or human resources firms, placing job advertisements for foreign policy and defense analysts to target government, military, and think-tank personnel. Once contact is made, recruited individuals receive payments ranging from hundreds to thousands of dollars per commissioned report, sometimes in cryptocurrency.
Recruiters lure targets by telling them they are important, impressive, and intriguing, and that the job would primarily involve research and analysis language designed to flatter, not alarm.
The FBI Strikes Back: 13 Websites Seized in June 2026
The most dramatic recent illustration of this threat came just days ago. The FBI and Justice Department dismantled 13 websites allegedly used by Chinese intelligence operatives to recruit current and former U.S. government employees, marking one of the most extensive public crackdowns on foreign efforts to exploit America’s security-cleared workforce.
The scheme allegedly began in November 2023 and accelerated as the Trump administration’s mass federal layoffs left tens of thousands of cleared government workers actively seeking new employment. The seized domains operated under names designed to convey credibility — Centrik Global Consulting, Catalyst Global Solutions, GeoIndopacific, SafeSec Group, and Gulf Peace Foundation, among others.
To create the appearance of legitimate operations, the site operators used AI-generated photographs as profile images for fabricated employees, along with fraudulent identities and identities stolen from real individuals. An AI-generated face has no footprint, reverse image searches come up empty because that person has never existed.
The advertised positions included titles such as “Senior Analyst” and “International Affairs Consultant.” Candidates were asked to prepare reports and provide expertise for unnamed clients, while funds were transferred from overseas using cryptocurrency to conceal the source of payments.
A Long History of Stolen Secrets
This is not a new game. China has been running these operations for decades but digital platforms have supercharged the reach.
In August 2020, the United States arrested Alexander Yuk Ching Ma, a former CIA officer, for leaking classified information to the Chinese government. Assistant Attorney General John C. Demers remarked that “the trail of Chinese espionage is long and, sadly, strewn with former American intelligence officers who betrayed their colleagues, their country and its liberal democratic values.”
In another case uncovered by the Financial Times, Chinese university students were lured to work at a secret technology company called Hainan Xiandun, where they unknowingly translated hacked documents from U.S. government agencies and searched for individuals at Johns Hopkins University a key intelligence target.
More recently, in the UK, Chinese state-linked hackers allegedly maintained years-long access to communications associated with senior Downing Street officials, including phones used by aides to former prime ministers Boris Johnson, Liz Truss, and Rishi Sunak, with the compromise dating back to 2021 and only discovered in 2024.
Who Is in the Crosshairs?
The advisory identifies several groups that Chinese intelligence services are particularly interested in approaching: security clearance holders, military personnel, government employees, and individuals working in defense, foreign affairs, intelligence, and security-related fields. Academics, journalists, freelance writers, and think tank researchers are also considered potential targets because they may possess useful information or professional networks.
Crucially, a top-secret clearance is not even required. Officials stressed that direct access to classified material is not always necessary for intelligence gathering. Even unclassified information on government policy, or on military strategy, capabilities and installations, can be collected and combined with other data to build a complete intelligence picture.
The Goal: Strategic Dominance by 2050
China has set a goal to be the world leader in science and technology by 2050, and the country’s leaders know they will have to steal research and state secrets to improve the odds between Chinese scientists and their rivals. Chinese intelligence has used these techniques to steal detailed blueprints of U.S. Air Force equipment.
The Five Eyes alliance comprising the US, UK, Canada, Australia and New Zealand has warned that “China’s military intelligence services ultimately seek to acquire privileged military, political and economic intelligence that can provide China with a strategic and tactical advantage.”
What To Do If You’re Approached
FBI Counterintelligence Assistant Director Roman Rozhavsky pointed to the growing use of artificial intelligence in espionage tradecraft: “The fake consulting company domains seized by the FBI illustrate the lengths the Chinese government’s intelligence services will go to as they try to use AI-generated content to trick, recruit, or coerce current and former US security clearance holders.”
The warning from the Justice Department is clear: “Anyone approached online with offers of easy income for vague ‘consulting’ work should treat those overtures with extreme caution.” The investigation was initiated after some targets who recognized suspicious interactions reported those contacts to law enforcement implying that an unknown number of individuals who did not recognize the approach may have been successfully recruited.
The job offer in your inbox might look real. The company website might look polished. The recruiter might seem professional. But in the shadowy world of modern espionage, the most dangerous door is often the one that looks the most inviting.
Sources: U.S. Department of Justice, FBI, MI5, Five Eyes intelligence alliance joint advisory, National Counterintelligence and Security Center (NCSC)
Leave a Reply