Chinese military intelligence officers are posing as recruiters in online campaigns targeting government and military personnel with access to sensitive information, the Five Eyes countries warn.
Using fake job announcements on professional networking sites and recruitment platforms, the Chinese spies impersonate think tanks, private consultancies, and HR firms, placing advertisements for positions such as foreign policy and defense analysts.
The fake recruitment process is meant to pressure candidates into revealing classified or privileged information.
“China’s military intelligence services ultimately seek to acquire privileged military, political and economic intelligence that can provide China with a strategic and tactical advantage over the Five Eyes,” the alert (PDF) reads.
The alert was authored by the United States’ FBI, the United Kingdom’s MI5, the Australian Security Intelligence Organisation, Canada’s Security Intelligence Service, and New Zealand’s Security Intelligence Service.
Using these tactics, China’s intelligence officers seek to establish long-term relationships with security clearance holders, military personnel, and individuals with indirect access to government information.
The campaigns are conducted on platforms such as LinkedIn, Indeed, and Upwork, and applicants’ resumes are ranked based on potential access to sensitive information.
Selected applicants are then contacted and invited to virtual interviews during which the recruiters conceal their identities and probe candidates about their access to government personnel.
Next, the “candidates are asked to write a trial report on a topic such as China’s bilateral relations, the Indo-Pacific region, and related defense issues, or international trade,” the alert reads.
The fake recruiters then inform the candidates that additional reports need to include more privileged information, and the communication is typically moved to supposedly more secure platforms, such as encrypted messaging services.
“Recruits receive anywhere from a few hundred to several thousand dollars per report, and may be offered more money in return for increasingly sensitive information. Payment methods include third-party payment platforms, such as PayPal, Payoneer, Zelle, Skrill, and Wise, as well as Western Union, e-transfer, and cryptocurrency,” the Five Eyes say.
Payments are typically received from the account of an individual who was not involved in the recruitment process.
According to the alert, even unclassified information provided by candidates is likely collected and combined with more sensitive data.
“Certain types of data can place the lives of frontline military or other personnel at risk, can weaken our economic prosperity, and enable interference in our democratic processes,” the alert reads.
Additionally, applicants risk the compromise of their personal information contained within resumes, and could face various consequences for disclosing classified information, such as prosecution for espionage, job loss, and security-clearance revocation.
Noting that the tactic is not new, Exabeam’s Steve Povolny pointed to the scale and precision that professional networking platforms are bringing to the approach. Used as intelligence collection environments, these platforms allow spies to recruit individuals without leaving their desks.
“The larger lesson is that the insider threat is no longer confined to employees intentionally stealing secrets. Adversaries are targeting the vast ecosystem surrounding sensitive information, including contractors, former government personnel, academics, researchers, journalists, and industry experts who may possess only fragments of valuable knowledge,” Povolny commented.
“In an era of data aggregation, even information that appears unclassified in isolation can become strategically significant when combined with other sources. The most successful espionage operations today don’t begin with a breach of technology. They begin with a conversation, a networking request, or a job offer that seems entirely legitimate,” he added.
Related: FBI: Hackers Sending Operatives in Person to Insert USB Drives and Steal Data
Related: FBI Warns of Surge in Hacker-Enabled Cargo Theft
Related: FBI: Cybercrime Losses Neared $21 Billion in 2025
Related: FBI Warns of Data Security Risks From China-Made Mobile Apps
