Five Eyes Warn of Chinese Intelligence Spies Posing as Recruiters to Target Government Personnel
A joint alert from the Five Eyes intelligence alliance details a sophisticated Chinese intelligence operation using fake job opportunities to lure government and military staff into revealing sensitive information.
Chinese military intelligence officers are actively engaged in online recruitment campaigns designed to ensnare government and military personnel who possess access to classified and sensitive information, according to a joint warning issued by the Five Eyes intelligence alliance. These operations leverage fake job advertisements posted on professional networking and recruitment platforms, with the spies impersonating legitimate entities such as think tanks, private consultancies, and human resources firms.
The primary objective of these deceptive recruitment efforts is to pressure targeted individuals into divulging classified or privileged information under the guise of a legitimate job application process. The Five Eyes, comprising the United States, United Kingdom, Australia, Canada, and New Zealand, highlighted in their alert that China's military intelligence services aim to acquire strategic and tactical advantages by obtaining privileged military, political, and economic intelligence.
These campaigns are meticulously executed across popular platforms like LinkedIn, Indeed, and Upwork. The intelligence officers meticulously vet applicants, ranking their resumes based on the potential access to sensitive government information. Selected candidates are then invited to virtual interviews, during which the recruiters deliberately conceal their true identities and subtly probe the candidates about their access to government personnel and internal systems.
Following the interviews, candidates are often asked to complete a "trial report" on topics relevant to foreign policy, defense issues, or international trade, particularly concerning China's bilateral relations or the Indo-Pacific region. The fake recruiters then inform the candidates that subsequent reports must include more privileged information, and the communication is typically migrated to supposedly more secure platforms, such as encrypted messaging services, to foster a false sense of confidentiality.
To incentivize cooperation, "recruits receive anywhere from a few hundred to several thousand dollars per report, and may be offered more money in return for increasingly sensitive information." Payments are facilitated through various third-party platforms, including PayPal, Payoneer, Zelle, Skrill, Wise, Western Union, e-transfers, and cryptocurrency, often originating from accounts of individuals not directly involved in the recruitment process. Even seemingly unclassified information provided by candidates is collected and aggregated with more sensitive data, potentially creating significant intelligence value.
The consequences for targeted individuals are severe. Beyond the risk of compromising sensitive data that could endanger frontline personnel, weaken economic prosperity, or interfere with democratic processes, applicants also risk the exposure of their personal information contained within their resumes. Furthermore, disclosing classified information can lead to severe repercussions, including prosecution for espionage, job loss, and the revocation of security clearances.
While the tactic of using social engineering for intelligence gathering is not new, experts note that the scale and precision afforded by professional networking platforms have amplified its effectiveness. These platforms have become fertile ground for intelligence collection, allowing spies to recruit individuals without needing to leave their desks. This evolving threat landscape underscores that the insider threat is no longer confined to malicious employees; adversaries are actively targeting the broader ecosystem surrounding sensitive information, including contractors, former government personnel, academics, and industry experts.
As Steve Povolny of Exabeam commented, "In an era of data aggregation, even information that appears unclassified in isolation can become strategically significant when combined with other sources. The most successful espionage operations today don’t begin with a breach of technology. They begin with a conversation, a networking request, or a job offer that seems entirely legitimate."