Five Eyes Warns Chinese Spies Are Using Fake Job Ads to Target Military Staff

Summary

Western intelligence agencies from the Five Eyes alliance (UK, US, Canada, Australia, New Zealand) have issued a joint warning about Chinese state-sponsored actors exploiting job recruitment platforms to target military personnel and government workers. The spies create fake profiles posing as HR professionals and recruiters, posting advertisements for defense and foreign policy analyst roles, then conduct interviews via encrypted channels to solicit sensitive information and classified details. Victims are offered payments via PayPal, cryptocurrency, and other methods, with particular focus on individuals with security clearances in the Indo-Pacific region.

Full text

Security Cyber Crime Scams and FraudFive Eyes Warns Chinese Spies Are Using Fake Job Ads to Target Military Staff Five Eyes warns that Chinese spies are using fake job ads on LinkedIn, Indeed, and Upwork to target military staff and steal sensitive data. byDeeba AhmedJune 4, 20263 minute read Western intelligence agencies are warning about the growing preference of China-linked state actors regarding the use of job websites to trick government workers and military staff into sharing sensitive information. This warning comes from the Five Eyes (FVEY), an international intelligence partnership comprising agencies from the UK, the US, Canada, Australia, and New Zealand. Five agencies, including the UK’s MI5 and the US FBI, shared a joint report about how these spying operations work. How the Scammers Operate According to the group’s warning, these state-backed hackers/spies use websites like LinkedIn, Indeed, and Upwork where they create fake profiles and pretend to be human resources experts, consultants, or staff from reputed research groups. After creating these profiles, they post advertisements for fake jobs like defence or foreign policy analysts. When people apply, the scammers closely inspect their CVs to check what secrets they may reveal to them. The next step is interviewing their selected candidates, which happens online through video calls with the spies hiding their true identities and intentions. After interviewing, they ask the applicants to write a test report about trade, defence, or politics. The hackers then move the conversation to secret, encrypted messaging apps and pressure the candidates to give up non-public details. Even if an applicant doesn’t know top secrets, mixing small bits of normal information can still help the Chinese government. The spies pay for these reports via PayPal, Wise, and cryptocurrency, and the pay ranges anywhere from a few hundred to several thousand dollars. Who is At Risk? Reportedly, the threat actors are looking for people with special security clearance. Their preferred targets include military members, especially those working in the Indo-Pacific region. However, they may also target academics, journalists, and freelance writers having links to government or trade sectors. This has been going on for a while, with Hackread.com regularly reporting such scams previously, such as the high-profile economic espionage case involving a Chinese university professor named Hao Zhang. He was convicted in 2020 for conspiring with Tianjin University to steal sensitive wireless filter technology from US firms Avago and Skyworks. Previously, the UK’s MI5 director general Ken McCallum stated that Chinese agents used LinkedIn to target British politicians, and noted that they have tried to lure at least 20,000 British people using these fake job offers. Image via UK Political Editor for Bloomberg Alex Wickham on X In response to the warning, the UK’s Security Minister Dan Jarvis said the country will keep fighting these hostile actions from other countries, and pointed out that North Korea is also a key threat, as it has used fake remote IT workers to get into high-profile companies for financial and state goals. Jarvis added that the UK will still talk with China politically, but the government will not tolerate such behaviour. The report also warns that anyone who shares secret details could go to prison under spying laws. This is not the first time the Five Eyes alliance has issued a warning about China-based hackers targeting critical infrastructure in the West. In July 2024, the alliance revealed that China’s APT40, also known as GADOLINIUM, BRONZE, or TEMP.Periscope, had been hacking into government networks by exploiting known critical vulnerabilities. (Photo by Antonio Vivace on Unsplash) Deeba Ahmed Deeba is a veteran cybersecurity reporter at Hackread.com with over a decade of experience covering cybercrime, vulnerabilities, and security events. Her expertise and in-depth analysis make her a key contributor to the platform’s trusted coverage. View Posts ChinaCyber CrimeCybersecurityFive EyesFraudIndeedLinkedInUpwork Leave a Reply Cancel reply View Comments (0) Related Posts Cyber Crime US COVID-19 relief bill to make copyrighted content streaming a felony The $300/week unemployment legislation includes a clause that will make streaming of protected content a punishable crime. byDeeba Ahmed Read More Security How Red Teaming Helps Meet DORA Requirements The Digital Operational Resilience Act (DORA) sets strict EU rules for financial institutions and IT providers, emphasizing strong… byUzair Amir Cyber Crime Hacking News Employee PC hacked via TeamViewer in attempted water supply poisoning Unknown hackers tried to poison the water supply that could have harmed thousands of residents in Oldsmar, Tampa, Florida. byWaqas Read More Cyber Crime Dark Web 23-Year-Old Arrested for Running 100M Incognito Dark Web Market DOJ announces arrest of Rui-Siang Lin, accused of running Incognito Market, a dark web hub facilitating $100M+ in… byWaqas

Indicators of Compromise

• domain — linkedin.com
• domain — indeed.com
• domain — upwork.com

Entities