US seizes alleged China-linked sites targeting security clearance holders
mathisworks/Getty Images
Prosecutors said the domains posed as legitimate consulting companies to recruit current and former U.S. officials into sharing sensitive government information for payment.
The FBI and Justice Department seized 13 websites allegedly used by Chinese intelligence operatives to target current and former U.S. officials and military personnel with access to classified government information.
In a press release, the DOJ said the domains were designed to look like legitimate consulting firms and were used to advertise vague, well-paid consulting roles aimed at security clearance holders. The campaign, which allegedly began in November 2023, sought to entice Americans into producing research reports or sharing insider information on topics of interest to the Chinese government, according to court documents.
The seized domains included sites associated with firm names like Centrik Global Consulting, Rightinfo Consulting, Finnacle-Vesper Consulting, CYDF Consulting, Pulse Wave Global, Catalyst Global Solutions, Horizzen, GeoIndopacific, SafeSec Group and others.
The campaign relied on familiar job-market platforms and freelance sites to advertise positions such as “Senior Analyst” and “International Affairs Consultant.”
The Justice Department said the operators used aliases, fake personas, stolen identities and artificial intelligence-generated photographs to make the companies appear credible. The alleged scheme also involved encrypted messaging apps, including Telegram, overseas payments, cryptocurrency and online payment accounts registered under false names, according to an affidavit filed in support of the seizure warrants.
The takedowns mark the latest U.S. government effort to disrupt foreign intelligence schemes that blend online recruiting and financial incentives to reach Americans with access to sensitive national security information.
Waves of federal layoffs over the past year have pushed thousands of government employees and contractors into an uncertain job market. That disruption has created renewed collection opportunities for foreign intelligence services.
Nextgov/FCW reported in January that a suspected Chinese intelligence outfit contacted a former senior State Department official late last year and offered payment for an assessment of U.S. policy priorities in Venezuela. The person who contacted the former official claimed to be affiliated with a sham consulting firm that had previously surfaced in research first reported by Nextgov/FCW last September, that assessed the firm was part of a broader network of fake companies tied to China.
The U.S. has sought to further publicize targeting efforts. In a rare public disclosure, Army Deputy Chief of Staff for Intelligence Lt. Gen. Anthony R. Hale issued a memo in November warning that foreign adversaries are targeting soldiers, civilians and their families through fake companies and phony recruiters. The advisory was sent to more than a million personnel across the Army, and later to members of the media, marking an unusually direct acknowledgment of the threat.