[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fRRZ5BPJ3olhNbCYU8VXhU82BXcynKtdZWPw5uG-MqOY":3},{"article":4,"iocs":47},{"id":5,"title":6,"slug":7,"summary":8,"ai_summary":9,"brief":10,"full_text":11,"url":12,"image_url":13,"published_at":14,"ingested_at":15,"relevance_score":16,"entities":17,"category_id":26,"category":27,"article_tags":31},"1e3736bd-105b-4e0d-84bf-665de0b4c7b0","Five Eyes: Chinese Spies Target Government, Military Staff With Fake Job Opportunities","five-eyes-chinese-spies-target-government-military-staff-with-fake-job-opportuni-da83ff","Posing as recruiters on online platforms, Chinese intelligence officers target personnel with access to classified or privileged information. The post Five Eyes: Chinese Spies Target Government, Military Staff With Fake Job Opportunities appeared first on SecurityWeek.","Chinese military intelligence officers are conducting coordinated recruitment campaigns impersonating legitimate recruiters on platforms like LinkedIn, Indeed, and Upwork to target government, military, and defense personnel with security clearances. The fake job postings for positions such as foreign policy and defense analysts are designed to establish long-term relationships and pressure candidates into disclosing classified or privileged information. Candidates are offered financial compensation ranging from hundreds to thousands of dollars per report, with payments made through third-party platforms and cryptocurrency.","Five Eyes warn Chinese military intelligence poses as recruiters targeting government and military personnel for","Chinese military intelligence officers are posing as recruiters in online campaigns targeting government and military personnel with access to sensitive information, the Five Eyes countries warn. Using fake job announcements on professional networking sites and recruitment platforms, the Chinese spies impersonate think tanks, private consultancies, and HR firms, placing advertisements for positions such as foreign policy and defense analysts. The fake recruitment process is meant to pressure candidates into revealing classified or privileged information. “China’s military intelligence services ultimately seek to acquire privileged military, political and economic intelligence that can provide China with a strategic and tactical advantage over the Five Eyes,” the alert (PDF) reads. The alert was authored by the United States’ FBI, the United Kingdom’s MI5, the Australian Security Intelligence Organisation, Canada’s Security Intelligence Service, and New Zealand’s Security Intelligence Service. Using these tactics, China’s intelligence officers seek to establish long-term relationships with security clearance holders, military personnel, and individuals with indirect access to government information.Advertisement. Scroll to continue reading. The campaigns are conducted on platforms such as LinkedIn, Indeed, and Upwork, and applicants’ resumes are ranked based on potential access to sensitive information. Selected applicants are then contacted and invited to virtual interviews during which the recruiters conceal their identities and probe candidates about their access to government personnel. Next, the “candidates are asked to write a trial report on a topic such as China’s bilateral relations, the Indo-Pacific region, and related defense issues, or international trade,” the alert reads. The fake recruiters then inform the candidates that additional reports need to include more privileged information, and the communication is typically moved to supposedly more secure platforms, such as encrypted messaging services. “Recruits receive anywhere from a few hundred to several thousand dollars per report, and may be offered more money in return for increasingly sensitive information. Payment methods include third-party payment platforms, such as PayPal, Payoneer, Zelle, Skrill, and Wise, as well as Western Union, e-transfer, and cryptocurrency,” the Five Eyes say. Payments are typically received from the account of an individual who was not involved in the recruitment process. According to the alert, even unclassified information provided by candidates is likely collected and combined with more sensitive data. “Certain types of data can place the lives of frontline military or other personnel at risk, can weaken our economic prosperity, and enable interference in our democratic processes,” the alert reads. Additionally, applicants risk the compromise of their personal information contained within resumes, and could face various consequences for disclosing classified information, such as prosecution for espionage, job loss, and security-clearance revocation. Noting that the tactic is not new, Exabeam’s Steve Povolny pointed to the scale and precision that professional networking platforms are bringing to the approach. Used as intelligence collection environments, these platforms allow spies to recruit individuals without leaving their desks. “The larger lesson is that the insider threat is no longer confined to employees intentionally stealing secrets. Adversaries are targeting the vast ecosystem surrounding sensitive information, including contractors, former government personnel, academics, researchers, journalists, and industry experts who may possess only fragments of valuable knowledge,” Povolny commented. “In an era of data aggregation, even information that appears unclassified in isolation can become strategically significant when combined with other sources. The most successful espionage operations today don’t begin with a breach of technology. They begin with a conversation, a networking request, or a job offer that seems entirely legitimate,” he added. Related: FBI: Hackers Sending Operatives in Person to Insert USB Drives and Steal Data Related: FBI Warns of Surge in Hacker-Enabled Cargo Theft Related: FBI: Cybercrime Losses Neared $21 Billion in 2025 Related: FBI Warns of Data Security Risks From China-Made Mobile Apps Written By Ionut Arghire Ionut Arghire is an international correspondent for SecurityWeek. Daily Briefing Newsletter Subscribe to the SecurityWeek Email Briefing for the latest cybersecurity threats, trends, and expert insights. More from Ionut Arghire Over 1.4 Million Accounts Disrupted in Cybercrime CrackdownCisco Warns of Available PoC for Critical Unified CM VulnerabilityKirki, Burst Statistics WordPress Plugin Flaws in Attackers’ CrosshairsIMA Diligence Services Data Breach Impacts 525,000 PeopleOrganizations Warned of Exploited Linux Kernel Vulnerability‘HTTP\u002F2 Bomb’ Exploit Knocks Web Servers Offline in SecondsCritical Vulnerability in HP VoIP Phones Enables Enterprise Network BreachesMeta AI Hands Over High-Profile Instagram Accounts to Hackers Latest News Nightclub Giant RCI Says Data Breach Affects 40,000 IndividualsCisco Warns of 7th SD-WAN Zero-Day Exploited in 2026Offroad Emerges From Stealth With $7 Million to Tackle Enterprise Identity RiskWebinar Today: Third-Party Risk in Practice – Where Programs Break Down and How to RespondWillow Raises $7 Million for Securing Autonomous AI AgentsGemini Voice Assistant Hijacked via Messaging NotificationsMirasvit Vulnerability Exploited to Execute Code on Magento ServersChinese Cybercrime Group in Spotlight for Record Campaign Pace Trending Daily Briefing NewsletterSubscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts. Webinar: Third-Party Risk in Practice June 4, 2026 Organizations are investing heavily in third-party risk management, but breaches, delays, and blind spots continue to persist. Join this live webinar as we examine the gap between how organizations think their third-party risk programs are performing and what’s actually happening in practice. Register Virtual Roundtable: CISO Forum 2026 Mid-Year Review June 10, 2026 Explore how attackers are using AI to scale threats and how security teams can respond with AI-driven defenses. Protecting against unmonitored use of generative AI (Shadow AI) in business units and building and enforcing AI governance frameworks. Register People on the MoveCyera has appointed Naveen Palavalli as Chief Marketing Officer.Connie Devine has been promoted to Chief Information Security Officer at Phillips 66.Jeff Lunglhofer becomes Chief Security Officer at Coinbase, replacing Philip Martin.More People On The MoveExpert Insights The Zero-Knowledge Threat Actor and the End of Responsible Disclosure AI can help attackers generate malware, create malicious payloads, bypass simple security checks, and convert vague malicious intent into functional code. (Etay Maor) Raising the Cybersecurity Stakes: Ante up for the Agentic Era CISOs are now facing machine-speed attacks and asking, “How do I agent?” The industry must provide remediation at scale. (Nadir Izrael) Caught Off Guard: Securing AI After It Hits Production As enterprises rush AI projects into production, security teams are increasingly being forced into reactive mode. (Joshua Goldfarb) Cyber Resilience is the New Business Continuity Plan The organizations best prepared to face disruption are those that align security, continuity and risk management around what the business cannot afford to lose. (Steve Durbin) Enhancing Data Center Security Without Sacrificing Performance For AI data centers, where the stakes are the highest and performance constraints are the tightest, security and performance are no longer a zero-sum game. (Nadir Izrael) Flipboard Reddit Whatsapp Whatsapp Email","https:\u002F\u002Fwww.securityweek.com\u002Ffive-eyes-chinese-spies-target-government-military-staff-with-fake-job-opportunities\u002F","https:\u002F\u002Fwww.securityweek.com\u002Fwp-content\u002Fuploads\u002F2023\u002F11\u002FThreat-Intelligence-sharing.jpg","2026-06-05T08:46:44+00:00","2026-06-05T10:00:19.55944+00:00",9,[18,21,23],{"name":19,"type":20},"China's military intelligence services","threat_actor",{"name":22,"type":20},"Five Eyes (FBI, MI5, ASIO, CSIS, NZSIS)",{"name":24,"type":25},"Chinese fake recruitment intelligence collection campaign","campaign","6cbdd207-aaa1-4176-9534-e156b125e917",{"id":26,"icon":28,"name":29,"slug":30},null,"Nation-state","nation-state",[32,37,42],{"category":33},{"id":34,"icon":28,"name":35,"slug":36},"2c8f44d4-b56e-47cf-9677-04f22c9ee78d","Identity & Access","identity-access",{"category":38},{"id":39,"icon":28,"name":40,"slug":41},"c5c77cdb-f7d7-4990-9436-c81dcbff1163","Policy","policy",{"category":43},{"id":44,"icon":28,"name":45,"slug":46},"e7b231c8-5f79-4465-8d38-1ef13aea5a14","Threat Intelligence","threat-intelligence",[]]