Now accepting applications — for classified intel

Over the past year, waves of federal layoffs have left thousands of government employees and contractor clients suddenly out of work. For foreign intelligence services, that disruption has opened new opportunities. With more former U.S. officials seeking employment or freelance work — often in specialized national security fields — adversaries, namely China, have stepped in, posing as consulting firms, research groups and recruiters.

The efforts aren’t tied to traditional signals intelligence or hacking. They’ve instead relied on human contact: conversations that begin over email or job platforms and evolve into targeted efforts to extract sensitive information. It’s a form of classic human intelligence — or HUMINT, in spy terms — adapted to the everyday churn of online job hunting that’s become all too familiar to thousands of Washingtonians and others swept up in the wave of federal layoffs.

The tradecraft is subtle: fake websites, staged interviews and plausible payment offers. But the goal remains the same as any other in spycraft. And as recent federal indictments show, this model has worked. Former military analysts, civilian employees and even active-duty personnel have been caught passing information to contacts they believed were legitimate employers or clients.

In 2025, the Justice Department publicly announced charges or indictments in at least five separate cases involving current or former U.S. government personnel accused of transmitting classified or sensitive information to foreign intelligence services, primarily the Chinese government, according to a review conducted by Nextgov/FCW. 

In nearly all of them, the initial contact came through virtual means. One case involved a State Department employee who shared classified documents with individuals he believed were working for overseas consulting firms. Another cited a former Army analyst recruited through a freelance job platform, who went on to sell troves of sensitive military data to someone posing as a geopolitical research client.

Although the Justice Department reported a noticeable rise in espionage-related indictments in 2025, many of the offenses at the center of those cases began earlier. In several instances, the criminal activity described was already underway in 2024 and sometimes as early as 2022.

But in the three years prior to 2025, only a handful of similar cases were made public, typically one or two each year. The contrast suggests the increase last year may reflect a more sudden surge in foreign espionage, or a more aggressive shift in how the U.S. government pursued it. 

Adversaries have not let up. In September 2025, Nextgov/FCW first reported research on a network of fake firms that has sought out former federal employees. The research, which assessed the network was likely tied to China, was conducted by analysts at the Foundation for Defense of Democracies, a national security think tank.

At that point, it wasn’t clear if that network had successfully ensnared any former government employees. But in January, Nextgov/FCW reported that one of the firms in the nexus made contact with a former senior State Department national security official, asking for an analysis on U.S. policy plans for Venezuela in exchange for payment. The contact came weeks before a major U.S. operation captured Venezuela’s leader, Nicolás Maduro, and his wife from Caracas.

“They knew their target well here,” the former official said. The person, who requested anonymity to be candid about their experience, said they wanted to speak out about the incident to warn other former federal employees, especially those in highly sensitive positions.

Max Lesser, the FDD analyst leading the research into these recruitment schemes, recently uncovered more than 100 websites tied to a wider network, all using similar tactics. The network, first documented on cyber influence operations blog Memetic Warfare, included websites that were registered in China and had Chinese language packs installed into their administrative infrastructure. Some of the sites imply they are based in Boston, the United Kingdom or Germany.

Lesser provided Nextgov/FCW with a spreadsheet of those websites, with labels for sites specifically appearing to be built for recruiting former and current U.S. feds, featuring specific requests for people able to gain government access and sometimes awkward English phrasing. The level of detail about those specific sites has not been previously reported.

One of those webpages, tied to a purported government relations consulting firm dubbed Davis Ryan Consulting, posted a job opening seeking a government and public services business analyst with the “ability to obtain a U.S. security clearance.” 

Another, belonging to a supposed consulting shop called Jamestown Advisors, said it was seeking a remote policy analyst with government affairs work experience. On the “News” page of the Jamestown Advisors website, Nextgov/FCW observed two duplicated blogs with the headline “How Trump’s Iran strike options are shaped by Venezuela buildup” — the blog posts appear to rip content directly from a Jan. 26 story published by The Hill.

A third site, Navigating Consulting, has advertised several jobs for candidates with defense, intelligence and cybersecurity backgrounds, as well as people with experience working with government agencies. 

“To achieve your interests, it is not only to follow politics, but also to understand the key players and stay informed. Our team has seasoned professionals about the political systems,” one section of the Navigating site reads.

Chinese officials have regularly denied involvement in espionage and hacking efforts targeting U.S. persons. The Chinese embassy in Washington, D.C. previously told Nextgov/FCW that the nation opposes “any smear and attack on China with so-called ‘spy risks’ without factual basis.”

“It’s obviously showing that this type of activity is happening on a scale that was previously unknown,” Lesser said of the conclusions in his findings, noting that there was no clear indication of how effective this group of 100 websites has been in actually coaxing U.S. personnel to share sensitive material.

The U.S. government has sought to further publicize the targeting efforts. In a rare public disclosure, Army Deputy Chief of Staff for Intelligence Lt. Gen. Anthony R. Hale issued a memo in November warning that foreign adversaries are targeting soldiers, civilians and their families through fake companies and phony recruiters. The advisory was sent to more than a million personnel across the Army, and later to members of the media, marking an unusually direct acknowledgment of the threat.

An unclassified June 2024 transmission provided by the Army indicates the foreign intelligence activity has been observed for some time. It said adversaries use less traditional social messaging platforms like Reddit and Discord to pose seemingly innocuous questions to servicemembers that can increase in sensitivity over time. 

Requesters “may rely on opinion-based questions such as asking [Department of the Army] personnel for their opinion on topics such as Taiwan, Ukraine or Israel to gather information,” it said. The espionage efforts do not target only classified information and aim to access various forms of sensitive data like battle plans, contracts and research.

Army members and their families may also be extended “disproportionate payment” offers, such as $1,000 for a two-page whitepaper or an all-expenses-paid trip to destinations like China, Hong Kong or Macao, the 2024 message said.

The National Counterintelligence and Security Center put out a similar notice in April of last year, warning that China and other groups are “targeting current and former U.S. government (USG) employees for recruitment by posing as consulting firms, corporate headhunters, think tanks and other entities on social and professional networking sites.”

The second Trump administration has announced several hundred thousand federal civil service layoffs, many attributed to the Department of Government Efficiency, established in the early months of Trump 2.0 to eliminate what it described as government bloat and excessive spending. Parts of these plans were outlined in Project 2025, a conservative plan to reshape the federal government, as far back as 2023.

The Partnership for Public Service, a government and civil service nonprofit, said some 212,000 federal workers have left their jobs as of late January.

The Department of Defense — the largest U.S. government employer and the backbone of the country’s national intelligence and defense establishment — has seen the greatest number of reductions, with around 61,000 people cut, Partnership data shows.

“When you look at those DOJ statements, and you see that the [tactics, techniques and procedures] with this network and the other networks, it should start to give you a sense that these sorts of tactics are getting through to people,” Lesser said. “I don’t know how many people they are getting through to, but they appear to be having some success.”