The U.S. Federal Bureau of Investigation (FBI) shut down 13 websites suspected to be tied to a Chinese espionage campaign involving the recruitment of current and former government security clearance holders.The websites promoted fake consulting services, such as Centrik Global Consulting, Rightinfo Consulting, Pulse Wave Global and Catalyst Global Solutions, to lend legitimacy to job postings seeking current and former U.S. government and military employees for “consultant” and “analyst” jobs, the U.S. Department of Justice said in a press release Wednesday.The suspected Chinese operatives used a combination of fictitious personas, stolen identities and AI-generated photographs to build up the façade of legitimate businesses seeking candidates’ expertise for unspecified “clients,” officials said. The operation ran since at least November 2023, utilizing encrypted applications such as Telegram for communications and cryptocurrency to make payments in exchange for confidential information.“The fake consulting company domains seized by the FBI illustrate the lengths the Chinese government’s intelligence services will go to as they try to use AI-generated content to trick, recruit, or coerce current and former U.S. security clearance holders into sharing sensitive information,” Roman Rozhavsky, assistant director of the FBI’s Counterintelligence and Espionage Division, said in a statement. “The FBI and our partners have observed China’s intelligence services resort to using AI, professional networking sites, and only payment platforms to target Americans.”The alleged conspirators made job postings on sites like Upwork, Expertia AI, Hubstaff Talent, Wellfound and Post Job Free to entice targets with government expertise to apply. After contacting the targets, the conspirators pressed them to provide sensitive “insider” information and offered large payments for “research reports” containing such information, officials said.The website operators are accused of conspiracy to commit bribery, identity theft and international money laundering, according to an affidavit supporting the domain seizures. While the DOJ attributes the campaign to the Chinese government, the alleged conspirators denied foreign government involvement, according to the press release.The website seizures come one week after the FBI released a joint alert with other Five Eyes intelligence agencies warning of such recruitment schemes targeting Five Eyes government and military personnel. The alert said recruiters typically conduct interviews with candidates and ask them to write a trial report before moving them to encrypted messaging platforms and requesting more privileged information. Recruits have received payments from between a few hundred dollars to several thousands of dollars for each report, with payment methods also including PayPal, Payoneer, Zelle, Skrill, Wise and Western Union, in addition to cryptocurrency, officials said.“Even unclassified information on government policy, or on military strategy, capabilities and installations, can be collected and combined with more sensitive reporting to form a comprehensive operational picture,” the alert stated. “[…] Applicants who provide their resumes and other personality identifiable information risk compromises of personal privacy.”
Threat Intelligence
FBI shuts down 13 ‘consulting’ websites used for suspected Chinese espionage
FBI seizure notice displayed on the website for “Centrik Global Consulting.”
Related Events
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
You can skip this ad in 5 seconds