Five Eyes Warns of Chinese Intelligence Recruitment Campaign Targeting Government and Military Personnel
The Five Eyes intelligence alliance has issued a warning that Chinese military intelligence operatives are masquerading as recruiters in online campaigns designed to target government employees, military personnel, and others with access to sensitive information.
According to a joint security alert, the operatives use fraudulent job postings on professional networking and recruitment platforms, posing as representatives of think tanks, consulting firms, and human resources organizations. The advertisements often promote roles related to foreign policy, defense analysis, and international affairs.
Authorities say the recruitment schemes are intended to build trust with potential targets and gradually persuade them to disclose classified or otherwise sensitive information.
"China's military intelligence services ultimately seek to acquire privileged military, political, and economic intelligence that can provide China with a strategic and tactical advantage over the Five Eyes," the advisory states.
The alert was jointly released by the U.S. Federal Bureau of Investigation (FBI), the United Kingdom's MI5, the Australian Security Intelligence Organisation (ASIO), the Canadian Security Intelligence Service (CSIS), and the New Zealand Security Intelligence Service (NZSIS).
Investigators say Chinese intelligence officers are attempting to cultivate long-term relationships with individuals who hold security clearances, serve in the military, or have indirect access to government information and networks.
The recruitment efforts have been observed on platforms including LinkedIn, Indeed, and Upwork. Submitted resumes are reportedly assessed based on an applicant's potential access to valuable information.
Candidates identified as promising targets are contacted for virtual interviews, during which recruiters conceal their true identities and inquire about the applicant's professional responsibilities, government connections, and access to sensitive information.
As the process advances, applicants may be asked to prepare trial reports covering topics such as China's foreign relations, Indo-Pacific security issues, defense policy, or international trade.
According to the Five Eyes agencies, recruiters often request increasingly detailed reports over time, encouraging candidates to include information that may be privileged or sensitive. Communications are frequently moved to encrypted messaging platforms under the guise of enhanced security.
Participants may receive payments ranging from several hundred to several thousand dollars per report, with larger sums offered for more valuable information. Payment methods reportedly include PayPal, Payoneer, Zelle, Skrill, Wise, Western Union, bank transfers, and cryptocurrency.
Authorities note that payments are often sent from accounts belonging to individuals who were not directly involved in the recruitment process, potentially complicating attribution efforts.
The intelligence agencies warn that even information considered unclassified can be valuable when aggregated with other data sources. Such information may contribute to broader intelligence collection efforts and could ultimately pose risks to national security.
The advisory cautions that the exposure of certain types of information could endanger military personnel, weaken economic interests, and facilitate foreign interference in democratic institutions.
Beyond national security concerns, individuals targeted by these campaigns also risk the compromise of personal information contained in resumes and application materials. Those who knowingly or unknowingly disclose classified information could face serious consequences, including loss of employment, revocation of security clearances, and potential criminal prosecution.
Steve Povolny, Director of Security Research and Competitive Intelligence at Exabeam, noted that while intelligence services have long used recruitment tactics, modern professional networking platforms have significantly increased their reach and effectiveness.
According to Povolny, these platforms provide intelligence agencies with efficient access to potential targets, allowing them to identify and engage individuals with valuable knowledge without requiring direct physical contact.
He also emphasized that insider threats are no longer limited to employees intentionally stealing confidential information. Instead, adversaries increasingly target a broader network of contractors, former government personnel, academics, researchers, journalists, and industry specialists who may each possess pieces of valuable information.
Povolny warned that in today's data-driven environment, information that appears harmless on its own can become strategically important when combined with other intelligence sources.
"The most successful espionage operations today don't begin with a cyberattack or technical breach," he said. "They begin with a conversation, a networking request, or a job opportunity that appears completely legitimate."
