May 14, 2026 | Policy Brief

Chinese Virtual Espionage Operation Targeted Congressional Staffer

Would you discuss U.S. policy insights or trade issues for $10,000?

A staffer with the U.S. House Select Committee on the Chinese Communist Party (CCP) received such an offer via email and reported it to his supervisors, according to a May 9 New York Times article. The committee authorized the staffer to continue communications to gain insight into suspected Chinese espionage techniques. The individual who contacted the staffer claimed to work for a Hong Kong-based firm named Nimbus Hub Strategic Consulting.

Using fake consulting firms and professional networking approaches to target Americans, particularly those with current or former access to sensitive information, has become an increasingly common tactic associated with Chinese intelligence operations.

China’s Digital Recruitment Playbook

According to The New York Times, an individual claiming to be an employee of Nimbus Hub attempted to cultivate a relationship with a congressional staffer, offering payment in exchange for insights into U.S. policy on China, trade, and Venezuela.

Previous investigations by FDD researchers identified a website associated with Nimbus Hub in November 2025 as part of a broader network of suspicious geopolitical consulting and recruiting firms. The investigation exposed more than 100 suspicious domains linked through shared technical infrastructure, including web hosting servers. The scale of the network, which appeared to target individuals across multiple countries, suggests these operations have global reach.

In February 2026, an OpenAI report linked Nimbus Hub to actors conducting operations tied to Chinese intelligence activity. OpenAI found these actors used ChatGPT to create a “social-engineering playbook,” capable of rapidly generating personalized and flattering messages. The report demonstrates how artificial intelligence (AI) can expand the scale and efficiency of online espionage campaigns.

A Familiar Chinese Intelligence Tactic

This operational model is not new. One of the earliest publicly exposed examples involved Dickson Yeo, a former PhD student in Singapore, who used geopolitical consulting and networking platforms to identify and recruit American targets on behalf of Chinese intelligence services before pleading guilty in U.S. federal court in 2020.

Chinese virtual espionage operations continue to rely on many of the same tactics seen in the Yeo case. In 2017, German intelligence officials warned that Chinese operatives used fake LinkedIn profiles posing as recruiters and consultants to target thousands of German officials and politicians. British officials later issued similar warnings, with MI5 Director General Ken McCallum stating in 2023 that up to 20,000 Britons had been approached online by suspected Chinese operatives. Earlier this year, European security officials stated that China used fake LinkedIn profiles to seek sensitive information from NATO and EU staff.

These incidents demonstrate that Nimbus Hub is not an isolated case, but part of a persistent pattern of Chinese intelligence tradecraft targeting Western officials through fake consulting firms, networking platforms, and paid offers designed to extract information.

Disruption Alone Is Not Enough

Exposing malicious infrastructure and fake companies remains necessary but insufficient to deter these operations. Even after FDD researchers initially exposed Nimbus Hub’s website, and OpenAI later confirmed its operators used AI models to support targeting efforts, Nimbus Hub employees allegedly continued seeking sensitive information.

Disrupting malicious infrastructure can impose costs, but adversaries can rapidly recreate websites and online personas. Researchers at DFRLab found operators behind the Russian influence operation Doppelganger — which created fake news websites and social media accounts to covertly influence audiences globally — recreated replacement websites less than 24 hours after the U.S. government disrupted them.

Countering Chinese virtual espionage will therefore require persistent disruption efforts and sustained vigilance. Policymakers should strengthen public-private partnerships between federal agencies, cybersecurity firms, AI companies, and networking platforms to rapidly identify suspicious activity and dismantle malicious networks. The U.S. government should also expand public awareness efforts and targeted counterintelligence training for current and former clearance holders.

Max Lesser is a senior analyst on emerging threats at the Foundation for Defense of Democracies (FDD). Emmerson Overell is a project coordinator at FDD’s Center on Cyber and Technology Innovation (CCTI), where she focuses on threats to U.S. national security in the Arctic, space, and cyberspace. FDD is a Washington, DC-based, nonpartisan research institute focusing on foreign policy and national security.