Five Eyes Warns Chinese Spies Are Using Fake Job Ads to Target Military Staff

Western intelligence agencies are warning about the growing preference of China-linked state actors regarding the use of job websites to trick government workers and military staff into sharing sensitive information.

This warning comes from the Five Eyes (FVEY), an international intelligence partnership comprising agencies from the UK, the US, Canada, Australia, and New Zealand. Five agencies, including the UK’s MI5 and the US FBI, shared a joint report about how these spying operations work.

According to the group’s warning, these state-backed hackers/spies use websites like LinkedIn, Indeed, and Upwork where they create fake profiles and pretend to be human resources experts, consultants, or staff from reputed research groups. After creating these profiles, they post advertisements for fake jobs like defence or foreign policy analysts.

When people apply, the scammers closely inspect their CVs to check what secrets they may reveal to them. The next step is interviewing their selected candidates, which happens online through video calls with the spies hiding their true identities and intentions. After interviewing, they ask the applicants to write a test report about trade, defence, or politics.

The hackers then move the conversation to secret, encrypted messaging apps and pressure the candidates to give up non-public details. Even if an applicant doesn’t know top secrets, mixing small bits of normal information can still help the Chinese government. The spies pay for these reports via PayPal, Wise, and cryptocurrency, and the pay ranges anywhere from a few hundred to several thousand dollars.

Reportedly, the threat actors are looking for people with special security clearance. Their preferred targets include military members, especially those working in the Indo-Pacific region. However, they may also target academics, journalists, and freelance writers having links to government or trade sectors.

This has been going on for a while, with Hackread.com regularly reporting such scams previously, such as the high-profile economic espionage case involving a Chinese university professor named Hao Zhang. He was convicted in 2020 for conspiring with Tianjin University to steal sensitive wireless filter technology from US firms Avago and Skyworks.

Previously, the UK’s MI5 director general Ken McCallum stated that Chinese agents used LinkedIn to target British politicians, and noted that they have tried to lure at least 20,000 British people using these fake job offers.

Image via UK Political Editor for Bloomberg Alex Wickham on X

In response to the warning, the UK’s Security Minister Dan Jarvis said the country will keep fighting these hostile actions from other countries, and pointed out that North Korea is also a key threat, as it has used fake remote IT workers to get into high-profile companies for financial and state goals.

Jarvis added that the UK will still talk with China politically, but the government will not tolerate such behaviour. The report also warns that anyone who shares secret details could go to prison under spying laws.

This is not the first time the Five Eyes alliance has issued a warning about China-based hackers targeting critical infrastructure in the West. In July 2024, the alliance revealed that China’s APT40, also known as GADOLINIUM, BRONZE, or TEMP.Periscope, had been hacking into government networks by exploiting known critical vulnerabilities.