A Chinese government-backed intelligence operation is actively using fake employment sites and social media to recruit laid-off federal workers, according to a report released Monday by the Foundation for Defense of Democracies.
Researchers warn that the operation is using front companies, LinkedIn and other tools as part of a broad online campaign to gather intelligence on the U.S., including sensitive information related to U.S. national security and corporate interests.
“Historically, China’s efforts to recruit current and former government employees typically focus on people with access to sensitive information,” Max Lesser, senior analyst on emerging threats at FDD’s Center on Cyber and Technology Innovation, told Cybersecurity Dive via email. “Even a government employee’s resume may provide valuable, unclassified information to the PRC about the inner workings of the U.S. government.”
The recruitment effort is similar to tactics that China has used for more than a decade. The report cites a 2018 effort by a Singaporean national who used LinkedIn and a fake consulting company to recruit American military and other sensitive ex-federal workers and received more than 400 résumés.
The operative, Jun Wei Yeo, was later sentenced to 14 months in prison.
U.S. authorities in April warned that China was actively seeking to recruit former federal workers for espionage.
The report outlines a network of five companies, including one internet service provider and four other firms that are described as either headhunter or consulting firms based in the U.S., Singapore and Japan. The companies are Smaio Intelligence, Dustrategy, RiverMerge Strategies, Tsubasa Insight and Wavemax Innov.
Between December 2024 and March, all five domains were hosted on the same server, according to FDD. The report indicates the server is owned by Tencent.
According to the report, Smaio is a real company based in China and someone affiliated with that company created the other four firms, which are not real businesses. The website for Smaio went down sometime in mid-March while a news outlet was reviewing findings developed for the report, according to FDD.
FDD researchers discovered RiverMerge Strategies on LinkedIn in January while looking up information on geopolitical risk consulting. RiverMerge Strategies claimed to be a consulting firm specializing in geopolitical risk and previously claimed to have offices in Singapore and Colorado. However the reference to Colorado was removed in March, according to FDD.
RiverMerge posted on LinkedIn seeking professionals with experience in the government as well as talent recruiters with strong networks in Washington, D.C., according to the report.
