Five Eyes Warns Chinese Intelligence Is Using Job Platforms to Recruit Sources

Five Eyes Chinese intelligence job recruiters https://www.pexels.com/photo/chinese-national-flag-waving-against-clear-blue-sky-32469234/

Chinese military intelligence operatives are posing as online recruiters to reach people with sensitive government or military knowledge, according to a joint warning from the Five Eyes intelligence-sharing alliance.

The joint advisory from the United States, United Kingdom, Canada, Australia and New Zealand says operatives have posed as recruiters, human resources consultants and representatives of legitimate-looking companies on platforms including LinkedIn, Indeed and Upwork. The goal, according to the advisory, is not to fill an actual role, but to draw them into relationships in which sensitive information can be requested gradually.

The Chinese Embassy in London rejected the allegation, saying in a statement cited by The Associated Press that the bulletin was “entirely fabricated” and “malicious slander.”

How Fake Recruiting Starts

The warning describes a recruitment pipeline that begins with ordinary-looking job outreach. A person may receive a message from a recruiter with a polished profile, see a posting for a defense or foreign policy analyst, or be offered a short-term consulting project that matches their résumé.

The approach can resemble a routine career opportunity, with a private-sector client, a virtual interview, a paid research assignment, and follow-up questions from someone who appears to be evaluating professional expertise.

The Five Eyes advisory alleges that Chinese intelligence officers use that process to find people whose access, contacts, or institutional knowledge could be useful. It names obvious targets such as clearance holders, military personnel, government employees, and defense specialists, but also warns that journalists, academics, contractors, and think tank employees may be valuable if their work gives them insight into government or security issues.

British Security Minister Dan Jarvis urged potential targets to watch for “signs of online targeting” and avoid inadvertently compromising security, according to The Associated Press.

Why Job Offers Make Effective Cover

The approach can feel familiar to anyone who has searched for work online. Recruiters ask standard questions about a candidate’s background, expertise, and availability for consulting work. Public profiles and résumés can then help identify people whose careers suggest access to sensitive networks, government agencies, or defense-related work.

That normality is part of the risk, according to the advisory. The first request may not involve classified information. A candidate might be asked to produce a short report on China’s foreign relations or a defense-related issue, work that could seem routine to people who already study or report on those subjects.

According to the advisory, recruits may receive a few hundred to several thousand dollars per report through services such as PayPal, Western Union, or cryptocurrency, which can make the arrangement appear legitimate. As the relationship develops, the requests may become more sensitive, and the conversation may move to encrypted messaging apps.

Security specialists say recruitment-based approaches can be especially effective because they exploit ambition and professional curiosity rather than fear. Unlike many phishing attempts, fake recruiting outreach may not create a sense of panic or urgency. It may offer prestige, extra income, or a chance to be treated as an expert.

“The best social engineering attacks don’t ask victims to believe something impossible,” said Mika Aalto, co-founder and CEO of Hoxhunt. “They ask them to believe something they already want to be true. Recruitment scams are particularly effective because they package espionage, fraud, and credential theft as career opportunities that a professional has been considering already.”

The joint warning is also notable, signaling that allied governments view the activity as more than ordinary job fraud or online impersonation.

What to Watch For

For individuals, the clearest warning sign is a recruiting or consulting offer that becomes hard to verify or increasingly focused on information that is not public. A legitimate-sounding assignment can become more concerning if the recruiter avoids official company channels, pushes the conversation to encrypted apps, or asks about government decisions, military issues, or internal policies. Employers should make sure workers with sensitive access know how to verify outside recruiting offers and report suspicious approaches.

“Whether you’re in government, academia, or the private sector, unsolicited recruiting outreach should be approached with healthy skepticism,” said Matthew Hartman, chief strategy officer at Merlin Group. “Organizations should ensure employees understand how social engineering campaigns evolve from seemingly benign conversations into intelligence collection efforts.”

Author
  • Contributing Writer, Security Buzz
    Michael Ansaldo is a veteran technology and business journalist with experience covering cybersecurity and a range of IT topics. His work has appeared in numerous publications including Wired, Enterprise.nxt, PCWorld, Computerworld, TechHive, GreenBiz, Mac|Life, and Executive Travel.