China-Linked Espionage Targeting Former US Officials and UK Government Communications
Reporting indicates China-linked intelligence activity is targeting current and former Western government officials through both human and technical collection. In the US case, a suspected Chinese influence/collection network using a purported consultancy (Foresight and Strategy) allegedly approached a former senior State Department official and offered payment to produce an assessment of US policy priorities in Venezuela, consistent with prior research describing a nexus of fake companies and websites used to recruit people with government and think-tank policy experience.
In the UK, Chinese state-linked hackers are accused of maintaining years-long access to communications associated with senior Downing Street officials, with reporting alleging compromises affecting phones used by aides to former prime ministers Boris Johnson, Liz Truss, and Rishi Sunak dating back to 2021 and discovered in 2024. The activity has been linked by sources to Salt Typhoon, a China-aligned espionage group associated with telecom-provider intrusions that can enable collection of call metadata and potentially content (texts/calls), allowing intelligence value even without direct handset malware.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
5 events from the most recent confirmed update back to the earliest known activity.
China denies UK espionage allegations
After the allegations were reported publicly, China's foreign ministry rejected the claims as baseless and accused Western governments of politicizing cybersecurity. The denial came amid renewed scrutiny of Salt Typhoon's alleged telecom-focused espionage activity.
Former State official receives suspicious Venezuela research solicitation
A person using the name 'Keven Lee' and claiming to represent 'Foresight and Strategy' contacted a former senior U.S. State Department official and offered payment for an assessment of U.S. policy priorities in Venezuela. After a virtual interview, the requester asked for a 1,000-word brief drawing on conversations with State Department colleagues, prompting the former official to view it as suspicious and warn others publicly.
China-linked fake firm network targets former U.S. officials and researchers
Prior reporting and FDD research assessed that a network of fake companies and websites, including 'Foresight and Strategy,' was being used to recruit former U.S. government and think-tank personnel for policy insight on issues of interest to Beijing. Analysts tied the infrastructure to China through domain registrations and shared technical indicators.
UK discovers Salt Typhoon-linked activity affecting officials' phones
The alleged UK phone compromise campaign was reportedly discovered in 2024, after years of suspected access to devices used by senior government figures. UK officials publicly referred to the incident only as a 'cluster of activity' linked to Salt Typhoon.
Chinese-linked phone compromises of UK officials reportedly begin
Reporting cited by The Register says Chinese state-linked hackers likely began compromising phones used by senior Downing Street officials and aides around former prime ministers as early as 2021. The activity reportedly enabled access to sensitive communications or metadata over multiple years.
Related entities
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
Sources
2 references tracked. Mallory keeps watching after this page renders.
See the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
China-Linked Espionage Campaign Hit Telecoms, Cloud Email, and Manufacturers
China-linked hacking groups were reported to have penetrated a wide range of targets across the United States and allied regions, including manufacturers, U.S. government email systems, internet providers, and major telecommunications networks. Earlier reporting described broad economic espionage aimed at stealing trade secrets from manufacturing sectors in the U.S., Europe, and Asia, while later disclosures said Chinese operators breached U.S. government email accounts through Microsoft cloud infrastructure and infiltrated American internet providers for surveillance. Subsequent investigations tied the telecom intrusions to the **Salt Typhoon** campaign, which officials said exposed sensitive metadata and provided insight into U.S. surveillance targets. U.S. officials characterized the activity, alongside related operations such as **Volt Typhoon**, as one of the most serious cyber threats to American critical infrastructure in recent years. Reporting said investigators believed the attackers may have retained access to at least eight telecom firms, including **Verizon** and **AT&T**, and that the campaign extended to dozens of telecoms and government agencies. In response, the Biden administration moved to bar the remaining U.S. operations of **China Telecom Americas**, citing national security risks and signaling the first public retaliatory step tied to the telecom compromises, even as debate continued over broader sanctions, technology restrictions, and offensive cyber responses.
May 26, 2026
Five Eyes Warns China Is Recruiting Insiders Through LinkedIn and Gig Platforms
The Five Eyes intelligence alliance has warned that Chinese military intelligence services are using professional networking, recruitment, and freelance platforms including **LinkedIn**, **Indeed**, and **Upwork** to identify and cultivate people with access to sensitive government and military information. According to the joint bulletin, Chinese operatives pose as recruiters, consultants, think tanks, or HR firms, then build relationships with targets and gradually request increasingly sensitive reporting. The campaign is aimed not only at security clearance holders and active military personnel, but also at academics, journalists, freelance writers, think tank staff, and others whose unclassified knowledge of policy, strategy, capabilities, or installations can be combined into actionable intelligence. The advisory says communications often shift from mainstream platforms to encrypted messaging apps, while payments may be routed through services such as PayPal, Zelle, Wise, Western Union, and cryptocurrency. Officials said some targets have already provided information, leading in some cases to criminal prosecutions, revoked security clearances, and job losses. The warning builds on earlier MI5 alerts, including concerns about Chinese approaches to parliamentarians and a prior estimate that roughly 10,000 Britons were targeted over five years, while similar tactics have also been reported in the United States through fake consulting firms seeking information from former federal workers.
Jun 12, 2026
China-Linked Espionage Targeting U.S. Government and Technology Talent
U.S. authorities and researchers are highlighting **China-linked espionage** that increasingly leverages online recruitment and employment channels to access sensitive information. Reporting on recent federal cases describes foreign intelligence services posing as consulting firms, research groups, or recruiters to approach current and former U.S. government personnel—often starting via email or job platforms and escalating through staged interviews, fake websites, and payment offers—to solicit **classified or sensitive information**; multiple Justice Department actions in 2025 reportedly involved such virtual-first recruitment approaches. Separately, a former Google engineer, **Linwei Ding**, was found guilty of **economic espionage and trade secret theft** after prosecutors said he exfiltrated over 2,000 pages of confidential AI supercomputing documents (including TPU/GPU architecture details, orchestration software, SmartNIC networking designs, and internal system configurations) and uploaded them to a personal cloud account while maintaining undisclosed ties to China-based companies and engaging with a Shanghai-sponsored talent program. Broader context from CSIS’ long-running survey of Chinese espionage cases underscores that these incidents fit a sustained pattern since 2000 spanning both **human intelligence** and **cyber-enabled theft** targeting U.S. government and commercial technologies, while noting open-source case lists likely undercount the true scope.
Mar 21, 2026