Federal authorities announced Wednesday the seizure of 13 internet domains, alleging they were part of an extensive scheme linked to Chinese intelligence services aimed at recruiting current and former U.S. government employees and military personnel. These individuals were targeted for their access to sensitive information through fraudulent job offers disguised as legitimate consulting opportunities.
"These domain seizures offer a glimpse at how foreign actors attempt to exploit Americans through seemingly legitimate online opportunities." — Assistant Attorney General John A. Eisenberg, National Security Division
The Department of Justice (DOJ) detailed that the websites masqueraded as consulting firms, advertising generic research and consulting positions. The recruitment effort, which reportedly began in November 2023, specifically sought individuals with backgrounds in government, military, foreign policy, and national security matters. Investigators stated that the sites were meticulously designed to attract those possessing valuable government information while concealing the true identities of the orchestrators behind the recruitment drive.
The fraudulent job postings were disseminated across various prominent employment platforms, including Upwork, Expertia AI, Hubstaff Talent, Wellfound, and Post Job Free. Authorities emphasized that the recruiters focused on current and former security clearance holders, as well as other Americans with access to classified or sensitive government information. Advertised positions included titles such as "Senior Analyst" and "International Affairs Consultant," crafted to appear innocuous and appealing to experienced professionals.
This announcement follows a week after the United States, alongside Britain and other members of the Five Eyes intelligence alliance, issued a warning regarding China's increasing use of online job platforms to identify and recruit individuals with access to government intelligence. Western intelligence agencies have reportedly expressed growing concerns about such sophisticated tactics in recent years.
Federal investigators provided insights into the elaborate methods used to obscure the operation's true purpose and the identities of those involved. Court records allege that recruiters operated under false names, created fabricated professional profiles, and utilized computer-generated images to bolster these deceptive identities. Furthermore, communications frequently transitioned to encrypted messaging services, and payment arrangements involved overseas accounts and digital currencies, significantly complicating efforts to trace transactions.
Applicants were often tasked with producing research and analysis on subjects of interest to the recruiters, with some offered substantial compensation for their work. Investigators alleged that these assignments, while presented as legitimate consulting projects, were designed to illicitly obtain confidential and nonpublic information.
Assistant Attorney General for National Security John A. Eisenberg underscored the gravity of the situation, stating, "This case demonstrates how foreign actors attempt to exploit Americans through seemingly legitimate online opportunities." He issued a strong caution, particularly to individuals entrusted with access to sensitive government information, advising them to treat offers of easy money for vaguely defined consulting work with extreme skepticism.
U.S. Attorney Jeanine Ferris Pirro for the District of Columbia affirmed that the domain seizures were a direct action to thwart efforts to exploit Americans holding access to the nation's most sensitive information. Pirro described the websites as "crafted to appear legitimate but were ultimately designed to deceive potential recruits and obtain protected information."
FBI Counterintelligence and Espionage Division Assistant Director Roman Rozhavsky highlighted the evolving nature of Chinese intelligence services' recruitment and espionage efforts, noting their increased reliance on modern technology. Rozhavsky stated that investigators have observed Chinese intelligence services employing artificial intelligence, professional networking platforms, and online payment systems to target Americans. He asserted that the seized domains "illustrated the lengths to which Chinese intelligence services will go to recruit or coerce individuals into sharing sensitive information."
Special Agent in Charge Daniel Wierzbicki of the FBI’s Washington Field Office reiterated that the Chinese government has been attempting to conceal recruitment efforts behind fake companies and fraudulent job postings. He confirmed that the domain seizures would effectively prevent these websites from continuing to target Americans with access to sensitive information.
In response to the allegations, a spokesperson for the Chinese Embassy in Washington rejected the claims, labeling them "entirely fabricated" and accusing the United States of disseminating false accusations. The spokesperson stated that China "strongly condemned the allegations."
The seized domains were identified as Centrik Global Consulting, Rightinfo Consulting, Finnacle-Vesper Consulting, CYDF Consulting, Pulse Wave Global, Catalyst Global Solutions, Horizzen, GeoIndopacific, Global Peace Foundation–Indonesia, SafeSec Group, The TruthInfo, Vandercons, and Gulf Peace Foundation. Following their seizure, visitors attempting to access these websites were redirected to FBI notices confirming that the pages had been disabled as part of a federal investigation, an action intended to disrupt the alleged scheme and prevent further contact with potential targets. The FBI encouraged anyone with information regarding these websites to contact the bureau via its public tip line.
