Five Eyes Warns China Is Recruiting Insiders Through LinkedIn and Gig Platforms
The Five Eyes intelligence alliance has warned that Chinese military intelligence services are using professional networking, recruitment, and freelance platforms including LinkedIn, Indeed, and Upwork to identify and cultivate people with access to sensitive government and military information. According to the joint bulletin, Chinese operatives pose as recruiters, consultants, think tanks, or HR firms, then build relationships with targets and gradually request increasingly sensitive reporting. The campaign is aimed not only at security clearance holders and active military personnel, but also at academics, journalists, freelance writers, think tank staff, and others whose unclassified knowledge of policy, strategy, capabilities, or installations can be combined into actionable intelligence.
The advisory says communications often shift from mainstream platforms to encrypted messaging apps, while payments may be routed through services such as PayPal, Zelle, Wise, Western Union, and cryptocurrency. Officials said some targets have already provided information, leading in some cases to criminal prosecutions, revoked security clearances, and job losses. The warning builds on earlier MI5 alerts, including concerns about Chinese approaches to parliamentarians and a prior estimate that roughly 10,000 Britons were targeted over five years, while similar tactics have also been reported in the United States through fake consulting firms seeking information from former federal workers.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
3 events from the most recent confirmed update back to the earliest known activity.
Five Eyes issues joint 'Safeguarding our Secrets' bulletin
The Five Eyes intelligence alliance issued a joint bulletin warning that Chinese military intelligence services are using LinkedIn, Indeed, Upwork, and similar platforms to recruit government and military insiders in Western countries. The advisory described a multi-step scheme in which operatives pose as recruiters or consultants and solicit increasingly sensitive non-public information.
MI5 warns Parliament about Chinese LinkedIn targeting
MI5 previously warned that Chinese agents had used LinkedIn and similar recruitment approaches to target members of parliament and parliamentarians.
MI5 estimates 10,000 Britons were targeted over five years
An earlier UK alert cited by The Register said that by 2021, around 10,000 Britons had been approached over a five-year period as part of Chinese intelligence-linked recruitment efforts.
Related entities
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
Sources
11 references tracked. Mallory keeps watching after this page renders.
Chinese Spies Using LinkedIn, Job Sites to Recruit Western Workers
techrepublic.com
Open sourceChina is using recruitment sites to buy top secret information - Boing Boing
boingboing.net
Open sourceChina-linked actors using job sites to target government workers, Five Eyes warns | brief | SC Media
scworld.com
Open sourceFive Eyes warn Chinese spies are using job sites to recruit insiders | The Record from Recorded Future News
therecord.media
Open sourceFive Eyes Joint Bulletin - Safeguarding Our Secrets | MI5 - The Security Service
mi5.gov.uk
Open sourceGot a LinkedIn message from a recruiter? It might be Chinese intelligence, warn FBI and MI5
bitdefender.com
Open sourceUk Government
mi5.gov.uk
Open sourceUk Government
mi5.gov.uk
Open sourceSee the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
MI5 Warning on Chinese Espionage via LinkedIn Targeting UK Lawmakers
MI5 has issued an espionage alert to members of the UK Parliament, warning that Chinese intelligence operatives are using fake recruitment agents and social media platforms, particularly LinkedIn, to target individuals with access to sensitive government information. The alert, circulated by the speakers of both the House of Commons and House of Lords, specifically identified two LinkedIn profiles believed to be operated by Chinese Ministry of State Security (MSS) officers posing as legitimate headhunters. These efforts are part of a broader campaign to cultivate relationships with MPs, peers, parliamentary staff, and professionals involved in policy development, including economists and think tank staff. Security Minister Dan Jarvis emphasized that this activity represents a covert attempt by a foreign power to interfere in the UK's sovereign affairs and highlighted previous Chinese cyber-operations targeting parliamentary emails and other interference attempts. In response, the UK government is investing £170 million to upgrade encrypted technology for government business and introducing new measures to counter Chinese cybercrime and influence operations. Intelligence agencies in other countries, such as Australia, have also warned about the use of professional networking sites for espionage, underscoring the global nature of this threat.
Mar 21, 2026
China-Linked Espionage Targeting U.S. Government and Technology Talent
U.S. authorities and researchers are highlighting **China-linked espionage** that increasingly leverages online recruitment and employment channels to access sensitive information. Reporting on recent federal cases describes foreign intelligence services posing as consulting firms, research groups, or recruiters to approach current and former U.S. government personnel—often starting via email or job platforms and escalating through staged interviews, fake websites, and payment offers—to solicit **classified or sensitive information**; multiple Justice Department actions in 2025 reportedly involved such virtual-first recruitment approaches. Separately, a former Google engineer, **Linwei Ding**, was found guilty of **economic espionage and trade secret theft** after prosecutors said he exfiltrated over 2,000 pages of confidential AI supercomputing documents (including TPU/GPU architecture details, orchestration software, SmartNIC networking designs, and internal system configurations) and uploaded them to a personal cloud account while maintaining undisclosed ties to China-based companies and engaging with a Shanghai-sponsored talent program. Broader context from CSIS’ long-running survey of Chinese espionage cases underscores that these incidents fit a sustained pattern since 2000 spanning both **human intelligence** and **cyber-enabled theft** targeting U.S. government and commercial technologies, while noting open-source case lists likely undercount the true scope.
Mar 21, 2026
China-Linked Espionage Targeting Former US Officials and UK Government Communications
Reporting indicates **China-linked intelligence activity** is targeting current and former Western government officials through both human and technical collection. In the US case, a suspected Chinese influence/collection network using a purported consultancy (*Foresight and Strategy*) allegedly approached a former senior State Department official and offered payment to produce an assessment of US policy priorities in Venezuela, consistent with prior research describing a nexus of fake companies and websites used to recruit people with government and think-tank policy experience. In the UK, Chinese state-linked hackers are accused of maintaining years-long access to communications associated with senior Downing Street officials, with reporting alleging compromises affecting phones used by aides to former prime ministers **Boris Johnson, Liz Truss, and Rishi Sunak** dating back to 2021 and discovered in 2024. The activity has been linked by sources to **Salt Typhoon**, a China-aligned espionage group associated with telecom-provider intrusions that can enable collection of call metadata and potentially content (texts/calls), allowing intelligence value even without direct handset malware.
Mar 21, 2026