FBI Web Domain Seizures Highlight China’s Virtual Espionage Strategy

Jobseekers in the national security space must take a closer look at prospective employment opportunities.

A June 10 Department of Justice press release announced that the FBI had seized 13 web domains connected to a Chinese espionage operation attempting to recruit unwitting Americans to provide national security secrets to Beijing.

The incident provides a glimpse into the Chinese intelligence service’s broader strategy of exploiting professional networking sites to access sensitive nonpublic information from Americans.

Recruits Tasked To Write National Security Assessments

The Department of Justice affidavit associated with the seizure reveals that the 13 domains seized by law enforcement functioned as websites for front companies established with aliases, fictitious personas, and the stolen identities of actual persons. These fronts masqueraded as consulting firms and nonprofit organizations specializing in security and economic policy, as well as defense analysis.

Headshots of the fictitious personnel were often AI-generated deepfakes or taken from other companies and individuals without their knowledge. Stock imagery was routinely used in the websites’ graphics. In one case, the supposed staff of one front company had the exact same names as characters in the 2004 movie Anchorman.

After successful contact, conspirators tasked recruits to produce written reports on national security matters of interest to the Chinese Communist Party, with payment issued through PayPal from foreign bank cards and accounts held overseas. The intelligence operatives and their intermediaries, using stolen identities, pressured recruits to include confidential information in the reports that would violate their clearances.

The Threat Fits an Established Pattern

FDD has previously detailed how Chinese intelligence services exploit LinkedIn and other professional networking services to target Americans with access to sensitive information. Last year, for example, a Chinese operation attempted to recruit federal workers affected by mass layoffs.

The exploitation of these networking services, alongside freelancing platforms, is not a recent development. A decade ago, Singaporean national Dickson Yeo created front companies on LinkedIn to recruit intelligence assets.

This practice persists to this day. As revealed in a May New York Times report, a staffer at the House Select Committee on the Chinese Communist Party was contacted by a man claiming to be a Singaporean business consultant. The consultant offered the staffer $10,000 to share information about the activities of the committee.

Public-Private Partnership Necessary To Counter Chinese Threat

This problem will not disappear with the seizure of a handful of domains. Virtual espionage operations and other malicious online activity can quickly be restarted elsewhere using a fresh website and profile. For example, in 2024, federal law enforcement seized domains affiliated with a Russian influence operation that created false news websites mimicking legitimate news and media institutions. After the takedown, Russian operatives recreated the websites within 24 hours, subverting the Department of Justice’s attempt to disrupt the operation.

The U.S. federal government needs to partner with private companies that host these legitimate employment platforms and proactively share threat intelligence. Recognizing and intercepting the ongoing tactics, techniques, and procedures of an espionage operation as it is happening — for example, taking down a suspicious LinkedIn profile or website not long after it is created — ensures the posts receive little engagement and makes it more difficult for adversaries to conduct these operations.

The U.S. government punishes Americans who knowingly hand over sensitive information to adversaries. China’s operations, however, can also recruit unwitting individuals who believe their interlocutor is a real consultant. Raising awareness of the threat provides one of the most potent defenses. While current government officials are likely briefed on ongoing threats, the U.S. government should also build awareness through outreach to former and retired U.S. government, military, and defense industrial base employees.

Max Lesser is a senior analyst on emerging threats at the Foundation for Defense of Democracies’ (FDD’s) Center on Cyber and Technology Innovation (CCTI), where Liz Coppes is an intern. For more analysis from the authors and FDD, please subscribe HERE. Follow FDD on X @FDD and @FDD_CCTI. FDD is a Washington, DC-based, nonpartisan research institute focusing on foreign policy and national security.