The U.S. Department of Justice (DOJ) and the Federal Bureau of Investigation (FBI) announced on Wednesday, June 10 that federal authorities have seized 13 websites allegedly connected to Chinese intelligence operations. The sites are accused of using fake consulting firms and job advertisements to target current and former U.S. government and military personnel with security clearances in an effort to obtain classified and sensitive information.
According to the DOJ, the 13 seized domains had long advertised positions such as “consultant,” “senior analyst,” and “international affairs consultant.” Their intended targets included current and former security clearance holders with access to classified U.S. government information, as well as other Americans possessing sensitive knowledge.
John A. Eisenberg, Assistant Attorney General for National Security, said the websites demonstrate how foreign actors exploit promises of “easy income” to persuade Americans to disclose sensitive—and sometimes classified—information that should remain protected.
He warned that anyone who receives vague online offers for consulting work accompanied by promises of easy income should remain highly cautious and watch for signs of malicious recruitment.
Jeanine Ferris Pirro, U.S. Attorney for the District of Columbia, said the operation sends a clear message that any effort to exploit individuals entrusted with America’s most sensitive information will be detected and dismantled.
Success
You are now signed up for our newsletter
Success
Check your email to complete sign up
She added that the so-called consulting websites were carefully designed to deceive victims, but persistent investigations by prosecutors and law enforcement agencies ultimately disrupted the scheme.
Roman Rozhavsky, Assistant Director of the FBI’s Counterintelligence Division, said the seized websites reveal how Chinese intelligence services are attempting to use artificial intelligence-generated content to lure, recruit, and even coerce current and former U.S. security clearance holders into providing sensitive information.
According to Rozhavsky, the FBI and its partners have identified Chinese intelligence agencies using a combination of AI tools, professional networking platforms, and online payment services to conduct targeted recruitment of U.S. citizens.
Daniel Wierzbicki, head of the Counterintelligence and Cyber Division at the FBI’s Washington Field Office, said the Chinese government has for years used shell companies and fraudulent job advertisements as cover to approach U.S. government personnel.
He said the seizures will prevent the websites from continuing to target Americans with access to sensitive information and emphasized that the FBI will continue using all available resources to counter similar threats.
Dominique Evans, Special Agent in Charge of the FBI’s Norfolk Field Office, said the Chinese government continues to employ deceptive methods to obtain U.S. innovation, research, and sensitive information, including through fraudulent job offers and online recruitment campaigns.
Evans said authorities hope that by seizing the domains and exposing these tactics, the public will be better able to recognize and avoid similar threats. He also urged anyone receiving suspicious job offers to report them to the FBI.
Fake consulting firms and recruitment tactics
According to an affidavit filed by the DOJ, individuals involved in the scheme created at least 13 fake consulting company websites beginning in November 2023. The sites claimed to recruit consultants for unnamed clients and specifically encouraged applications from current and former U.S. government and military personnel to provide professional analysis and advisory services.
Investigators said the websites were typically linked to job advertisements posted on recruitment platforms and were used to identify targets through well-known employment and freelance marketplaces, including Upwork, Expertia AI, Hubstaff Talent, Wellfound, and Post Job Free.
The DOJ said the job postings largely focused on topics of interest to the Chinese government.
Court documents indicate the operators employed a range of concealment techniques, including the use of aliases, fabricated identities, and stolen personal information. They allegedly used AI-generated profile photos, paid substantial sums for research reports, communicated through encrypted messaging applications such as Telegram, requested supposedly “exclusive” or “inside” information, and transferred funds from overseas accounts into U.S.-based accounts.
Investigators said the fake positions included titles such as “Senior Analyst” and “International Affairs Consultant.” Once recruiters established contact with targets, they gradually requested information and reports obtained from internal sources, encouraging individuals to violate confidentiality obligations.
To enhance their credibility, the operators allegedly provided applicants with formal contracts and nondisclosure agreements, making the fictitious consulting firms appear legitimate.
The DOJ said those involved denied any connection to a foreign government. However, investigators believe they compensated applicants in exchange for sensitive information and used online payment accounts and cryptocurrency tied to fictitious identities to conceal both funding sources and their true identities.
The affidavit states that these financial transactions created channels for moving money from outside the United States into the country and were used to further the alleged conspiracy.
The 13 seized domains
The DOJ identified the following domains as part of the operation:
- Centrik Global Consulting (centrikglobalconsulting.com)
- Rightinfo Consulting (rightinfoconsult.com)
- Finnacle-Vesper Consulting (finnaclevesperconsulting.com)
- CYDF Consulting (cydfconsulting.com)
- Pulse Wave Global (pulsewaveglobal.com)
- Catalyst Global Solutions (catalystglobalsolutions.com)
- Horizzen (thehorizzen.com)
- GeoIndopacific (geoindopacific.com)
- Global Peace Foundation–Indonesia (gpf-ina.org)
- SafeSec Group (safesec-group.com)
- The TruthInfo (thetruthinfo.com)
- Vandercons.com
- Gulf Peace Foundation (gulfpeace.org)
According to the DOJ, the websites were allegedly used to facilitate bribery, identity theft, and transnational money laundering schemes targeting current and former public officials.
Following the seizures, the FBI took control of the websites and replaced their homepages with warning notices informing visitors that the sites had been shut down by law enforcement authorities, preventing further illegal activity and financial transactions.
The operation was conducted jointly by the U.S. Attorney’s Office for the District of Columbia, the FBI’s Washington Field Office, and the FBI’s Norfolk Field Office. The DOJ’s National Security Division, Counterintelligence and Export Control Section also participated in the investigation.
