FBI seizes 13 domains used in Chinese intelligence operation targeting US security clearance holders
The FBI seized 13 domains allegedly used by Chinese intelligence to target current and former U.S. government and military personnel holding security clearances.

Federal authorities have seized 13 internet domains allegedly used in a Chinese intelligence-gathering operation that targeted current and former U.S. government employees and military personnel with access to classified and sensitive information. The takedown, announced by the FBI, marks a significant law enforcement action against state-sponsored cyber espionage that used fake consulting websites as a primary lure.
According to the FBI, the seized domains were part of a sophisticated social engineering campaign designed to collect credentials and other sensitive information from victims. The operation specifically targeted individuals who hold or have held security clearances, making it a high-value espionage effort aimed at compromising U.S. national security secrets. The fake consulting websites were crafted to appear legitimate, offering career opportunities or consulting engagements to lure targets into submitting personal and professional information.
“The FBI seized these domains as part of an ongoing effort to disrupt malicious cyber activity by state-sponsored actors targeting our nation’s secrets,” the agency stated. The takedown action is part of a broader law enforcement initiative against Chinese cyber espionage, which has increasingly focused on human intelligence gathering through online personas and fake business fronts. The use of fake consulting firms allows intelligence operatives to establish trusted communications with targets, gradually extracting classified information or credentials for further access.
The operation highlights a persistent threat from Chinese state-sponsored groups, which have been linked to multiple campaigns using fake job offers, recruiter profiles, and consulting opportunities. Previous alerts from the Five Eyes intelligence alliance have warned of similar tactics, where Chinese operatives pose as recruiters on professional networking platforms to target government and defense personnel. The FBI’s domain seizures directly disrupt this infrastructure, though the underlying threat actors are likely to adapt by registering new domains.
Experts note that the targeting of clearance holders is particularly concerning because it aims to compromise individuals with direct access to classified systems. The theft of credentials from such individuals could enable follow-on attacks against government networks, including persistent access and data exfiltration. The FBI has not disclosed whether any data was successfully stolen or whether any victims have been identified, but the agency is encouraging anyone who may have interacted with the fake domains to come forward.
The takedown is part of a broader U.S. government effort to combat Chinese cyber espionage, which has been a top priority for the FBI and CISA. Recent actions have included sanctions against Chinese companies and individuals involved in hacking campaigns, as well as public attribution of operations to specific threat groups. The FBI advises all current and former government personnel with security clearances to remain vigilant against unsolicited job offers or consulting opportunities and to report any suspicious contacts to the authorities.
As the investigation continues, cybersecurity experts recommend that organizations with cleared personnel implement additional training on spotting fake recruiting and consulting lures. Multi-factor authentication and monitoring for unusual login attempts can also help mitigate the risk of credential theft. The FBI’s action demonstrates that law enforcement is actively working to dismantle the infrastructure of state-sponsored espionage operations, but the underlying threat remains persistent and adaptive.