FBI Seizes China-Linked Fake Consulting Sites Targeting US Clearance Holders
FBI seizes 13 fake consulting websites linked to China targeting US clearance holders.
Summary
The FBI and Justice Department have seized 13 domains used by a suspected Chinese intelligence operation to recruit Americans with security clearances. These fake consulting websites offered paid research work, aiming to obtain sensitive government information by soliciting insider data from current and former US government employees and military personnel. The operation utilized false personas, AI-generated profiles, encrypted messaging, and cryptocurrency, with recruitment efforts appearing on various freelance platforms.
Full text
The Justice Department and FBI seized 13 fake consulting websites that officials say targeted US clearance holders with paid research work designed to obtain sensitive government information.

By Waqas, June 10, 2026

US federal authorities have seized 13 domains that officials say were used in a suspected Chinese intelligence-linked effort to recruit Americans with access to classified or sensitive US government information. The Justice Department said Wednesday that the websites posed as consulting firms and promoted “vague consultancy” and advisory roles aimed at current and former US government employees, military personnel, and security clearance holders. Since the seizure, visitors to the domains are shown an FBI notice stating that the sites have been taken over under a federal warrant.

[Image: Seizure notice (Image credit: Hackread.com via seized domains)]

According to an affidavit filed in support of the warrants, the operation began in November 2023 and used fake company websites, online job ads, and social media recruiting to approach people who could provide information of interest to the government of the People’s Republic of China. The jobs were presented as paid consulting work, with titles such as “Senior Analyst” and “International Affairs Consultant.” Authorities said the recruiters offered money for research reports, then pushed candidates toward confidential or “insider” information that they were not authorized to share.

In its press release published today, the Justice Department said the campaign used a mix of false personas, stolen identities, AI-generated profile photos, encrypted messaging apps, online payment accounts, and cryptocurrency. Contracts and confidentiality agreements were also used to make the fake firms appear legitimate.
According to court documents, the recruitment activity for this campaign appeared on hiring and freelance platforms, including Upwork, Expertia AI, Hubstaff Talent, Wellfound, and Post Job Free. The postings covered topics that prosecutors said aligned with Chinese government interests. Federal officials said payments moved from overseas accounts into the United States as part of the alleged activity.

The affidavit accuses the operators of using the domains in a conspiracy involving bribery of current and former public officials, identity theft, and international money laundering. The people behind the sites have denied any foreign government involvement.

The seized domains listed in the Justice Department filing include the following fake consulting and recruitment websites, ordered from shortest to longest domain name: gpf-ina.org, gulfpeace.org, thehorizzen.com, vandercons.com, pulsewaveglobal.com, safesec-group.com, thetruthinfo.com, cydfconsulting.com, geoindopacific.com, rightinfoconsult.com, catalystglobalsolutions.com, centrikglobalconsulting.com, finnaclevesperconsulting.com.