Washington, D.C. — Federal authorities have seized more than a dozen websites that they say suspected Chinese agents used to recruit current and former U.S. officials holding security clearances, in a counterintelligence operation that exposes how foreign services are blending old-fashioned espionage with artificial intelligence and gig-economy hiring platforms.
The Justice Department and the FBI announced on June 10, 2026 that they had seized 13 internet domains used to target U.S. persons, including current and former security clearance holders with access to classified and sensitive government information. The takedown was detailed in a press release numbered 26-629 and supported by an affidavit filed for the seizure warrants.
According to court documents, the scheme was not a quick scam but a sustained operation. The affidavit states that beginning in November 2023, the conspirators created at least 13 fake consulting company websites, whose job postings advertised generic “consulting” roles and openly described recruiting current or former U.S. government and military employees to advise unspecified clients. Investigators say the sites were built to look like legitimate firms, complete with corporate branding lifted from real overseas companies.
The tradecraft was deliberately modern. The FBI listed the methods as the use of aliases, fictitious personas and stolen identities of real people; AI-generated photographs; relatively large payments for research reports; the use of Telegram and other encrypted apps; pressure to provide “exclusive” or “insider” information; and the movement of money from overseas accounts into the United States. The conspirators allegedly paid for reports through online payment accounts opened in the names of fictitious individuals and used cryptocurrency to hide their identities and the true source of the funds. U.S.
Rather than building traffic on their own, the operators fished where job seekers already were. Recruitment ran through job postings and social media on platforms including Upwork, Expertia AI, Hubstaff Talent, Wellfound and Post Job Free, with the listings tied to topics of interest to the government of the People’s Republic of China. CNN, citing the affidavit, reported that LinkedIn was also used and that the document lists seven unnamed people recruited through the sites, who were asked to write reports on subjects including U.S.–China relations, Iran and the Israel–Palestine war while being pressed for insider information.
The fake jobs carried plausible, flattering titles. The advertised positions included “Senior Analyst” and “International Affairs Consultant,” and recruiters pushed candidates to share confidential reports from insider sources in breach of their official duties. Other listings reported by CNN included “International Affairs Analyst (Remote),” “Defense Analyst” and “Jobs for Ex-Military Personnel.” To project legitimacy, the operators used contracts and confidentiality agreements with their sham consulting companies. U.S.
The seized domains, named in the affidavit as part of an alleged conspiracy to commit bribery of public officials, identity theft and international money laundering, included Centrik Global Consulting, Rightinfo Consulting, Finnacle-Vesper Consulting, CYDF Consulting, Pulse Wave Global, Catalyst Global Solutions, Horizzen, GeoIndopacific, Global Peace Foundation–Indonesia, SafeSec Group, The TruthInfo, Vandercons.com and Gulf Peace Foundation. After the seizures, the FBI posted takeover pages on each site to warn visitors and disrupt the activity; notably, the conspirators have denied any involvement by a foreign government.
Senior officials framed the action as both a disruption and a public warning. Assistant Attorney General for National Security John A. Eisenberg said the seizures show how foreign actors use promises of easy money to lure Americans into revealing protected information. U.S. Attorney Jeanine Ferris Pirro for the District of Columbia said the sham sites were crafted to deceive but had been stopped in their tracks. Roman Rozhavsky, of the FBI’s Counterintelligence and Espionage Division, said the domains show the lengths China’s intelligence services will go to using AI-generated content to recruit clearance holders, while Daniel Wierzbicki of the FBI’s Washington Field Office said the bureau had shut the operation down.
The case fits a documented pattern. A Naval Criminal Investigative Service report last year alleged that foreign actors were trying to recruit federal employees and exploit the Trump administration’s plans for mass layoffs across agencies, with one intelligence officer reportedly directing an asset to court federal workers who marked themselves “open to work” on LinkedIn.
Leave a Reply