US Federal authorities have seized 13 domains that officials say were used in a suspected Chinese intelligence linked effort to recruit Americans with access to classified or sensitive US government information.
The Justice Department said Wednesday that the websites posed as consulting firms and promoted “vague consultancy” and advisory roles aimed at current and former US government employees, military personnel, and security clearance holders.
After the seizure, visitors to the domains are shown an FBI notice stating that the sites had been taken over under a federal warrant.
According to an affidavit filed in support of the warrants, the operation began in November 2023 and used fake company websites, online job ads, and social media recruiting to approach people who could provide information of interest to the government of the People’s Republic of China.
The jobs were presented as paid consulting work, with titles such as “Senior Analyst” and “International Affairs Consultant.” Authorities said the recruiters offered money for research reports, then pushed candidates toward confidential or “insider” information that they were not authorized to share.
In its press release published today, the Justice Department said the campaign used a mix of false personas, stolen identities, AI generated profile photos, encrypted messaging apps, online payment accounts, and cryptocurrency. Contracts and confidentiality agreements were also used to make the fake firms appear legitimate.
According to court documents, the recruitment activity for this campaign appeared on hiring and freelance platforms, including Upwork, Expertia AI, Hubstaff Talent, Wellfound, and Post Job Free. The postings covered topics that prosecutors said aligned with Chinese government interests.
Federal officials said payments moved from overseas accounts into the United States as part of the alleged activity. The affidavit accuses the operators of using the domains in a conspiracy involving bribery of current and former public officials, identity theft, and international money laundering. The people behind the sites have denied any foreign government involvement.
The seized domains listed in the Justice Department filing include the following fake consulting and recruitment websites, ordered from shortest to longest domain name:
gpf-ina.org
gulfpeace.org
thehorizzen.com
vandercons.com
pulsewaveglobal.com
safesec-group.com
thetruthinfo.com
cydfconsulting.com
geoindopacific.com
rightinfoconsult.com
catalystglobalsolutions.com
centrikglobalconsulting.com
finnaclevesperconsulting.com
