English
Arabic
French
Spanish
Portuguese
Deutsch
Turkish
Dutch
Italiano
Russian
Romaian
Portuguese (Brazil)
Greek
Chinese cyber spooks lure laid-off US government workers
A Washington DC-based think tank claims it has discovered evidence of a covert network of digital front companies operated by the Chinese intelligence services that are targeting laid-off US government employees.
Since Donald Trump’s inauguration in January, thousands of people have been let go across the US government – including many in cyber security threat intel and research functions – following audits by the Elon Musk-led Department of Government Efficiency.
The mass lay-offs, which the White House says are being done in the name of saving money, have dramatically slowed and even halted many government functions. In some places – such as at the Food and Drug Administration, they are being reversed.
Now, the Federation for the Defence of Democracies, a research institute that focuses primarily on America’s national security and foreign policy, says that Beijing is moving to try to exploit the lay-offs for its own intelligence-gathering purposes.
FDD senior analyst on emerging threats Max Lesser said these fraudulent organisations were posing as geopolitical risk consultancies and headhunting firms that appeared to be based in Japan, Singapore and the US.
“The tactics employed by this network closely resemble previous Chinese intelligence operations targeting US government officials and other high-value targets across the US, Europe and beyond,” said Lesser.
“Despite the network’s efforts to create the illusion that several separate firms outside of China are seeking to recruit laid-off federal employees, the network’s technical features point both to its Chinese origins and the role of a single entity in creating all of its components,” he said.
about nation state threats
UK cyber security chief warns of ‘direct connection’ between Russian cyber attacks and physical threats to the UK.
Two spyware variants are being used to target the mobile devices of persons of interest to Chinese intelligence, including individuals in the Taiwanese, Tibetan and Uyghur communities.
Advanced persistent threat group UNC3886 deployed custom backdoors on end-of-life Juniper Networks routers, underscoring the need for timely patching and advanced security monitoring.
The FDD named the companies as Smiao Intelligence, Dustrategy, RiverMerge Strategies, Tsubasa Insight and Wavemax Innov.
Of these, said Lesser, only Smiao Intelligence appears to be a real company. The others are alleged to be little more than digital fronts operating cloned websites, with artificial intelligence-generated text and clearly fake customer references.
Lesser said it was likely that individuals associated with Smiao created the network themselves for intelligence-gathering purposes, because they all rely on the same China-hosted Tencent server to run their websites, and all but one of them are using – or once did – a China-based email service called chengmail. Additionally, he said, four out of five of the sites share the same SSL certificate.
The FDD was also able to ascertain Smaio was likely the nexus of the covert operation. It has the oldest domain in the group, dating back eight years, and its homepage directs to an apparent parent company, Beijing Simiao Intelligent Information Technology Co Ltd, which is apparently a trademark application agency, officially recognised by China’s State Intellectual Property Office, and was registered as a company in 2012.
Notably, one of the companies, RiverMerge, appeared for a while to have an office in the US – the state of Colorado, to be precise – as well as Singapore, although these references were scrubbed from its website some time before 26 March 2025. US registries do show a company called RiverMerge Strategies LLC, formed in 2024, with a domain registered in Beijing and evidence of a shared phone number with Smiao.
The Chinese state has form dating back the best part of a decade when it comes to using recruitment websites to gather intelligence on US targets. Back in 2020, a Singapore national, Jun Wei Yeo, was sentenced to jail after obtaining more than 400 resumes, 90% of them from American military and government officials with some level of security clearance, and passing them to Beijing.
Nor have European targets been immune – a German intelligence report from eight years ago revealed how China was able to obtain data on 10,000 German citizens as potential intelligence sources, while in 2019, the French told a similar story. Two years ago, in 2023, British intelligence chief Ken McCallum revealed that 20,000 Britons had been approached in a similar manner.
In many cases, this targeting was conducted using legitimate job websites, including social network LinkedIn, which has been described as the “ultimate playground” for intelligence gathering.
It is not known if the operation targeting laid-off federal workers was successful, but the effort certainly comes at a dangerous time for the US, and an opportune moment for China as it seeks to exploit Trump’s unique approach to government and policymaking.
“This threat is heightened at a time when thousands of former and current federal workers are seeking new employment,” said Lesser. “If the public and private sectors do not act quickly to address these vulnerabilities, China and other adversaries will continue preying on former public servants who may not be aware of the threat and face pressure to find new jobs quickly.”
He called on the US government to take more active measures to raise awareness of this gathering cyber threat – such as sending representatives to discuss the issue in the media. It should also proactively work with the likes of LinkedIn and other networking sites to monitor potentially suspicious activity, such as job postings that explicitly seek out ex-government employees. LinkedIn could also implement more stringent Know Your Customer policies for people creating company pages on its site.
Lesser also called for Congress to exercise additional oversight through the Senate Select Committee on Intelligence and the House Permanent Select Committee on Intelligence.
Finally, Washington could also turn the situation to its advantage by creating sock puppet accounts to bait Chinese intelligence operatives into coming out of the shadows to make contact.
#chinese #cyber #spooks #lure #laidoff
Chinese cyber spooks lure laid-off US government workers
A Washington DC-based think tank claims it has discovered evidence of a covert network of digital front companies operated by the Chinese intelligence services that are targeting laid-off US government employees.
Since Donald Trump’s inauguration in January, thousands of people have been let go across the US government – including many in cyber security threat intel and research functions – following audits by the Elon Musk-led Department of Government Efficiency.
The mass lay-offs, which the White House says are being done in the name of saving money, have dramatically slowed and even halted many government functions. In some places – such as at the Food and Drug Administration, they are being reversed.
Now, the Federation for the Defence of Democracies, a research institute that focuses primarily on America’s national security and foreign policy, says that Beijing is moving to try to exploit the lay-offs for its own intelligence-gathering purposes.
FDD senior analyst on emerging threats Max Lesser said these fraudulent organisations were posing as geopolitical risk consultancies and headhunting firms that appeared to be based in Japan, Singapore and the US.
“The tactics employed by this network closely resemble previous Chinese intelligence operations targeting US government officials and other high-value targets across the US, Europe and beyond,” said Lesser.
“Despite the network’s efforts to create the illusion that several separate firms outside of China are seeking to recruit laid-off federal employees, the network’s technical features point both to its Chinese origins and the role of a single entity in creating all of its components,” he said.
about nation state threats
UK cyber security chief warns of ‘direct connection’ between Russian cyber attacks and physical threats to the UK.
Two spyware variants are being used to target the mobile devices of persons of interest to Chinese intelligence, including individuals in the Taiwanese, Tibetan and Uyghur communities.
Advanced persistent threat group UNC3886 deployed custom backdoors on end-of-life Juniper Networks routers, underscoring the need for timely patching and advanced security monitoring.
The FDD named the companies as Smiao Intelligence, Dustrategy, RiverMerge Strategies, Tsubasa Insight and Wavemax Innov.
Of these, said Lesser, only Smiao Intelligence appears to be a real company. The others are alleged to be little more than digital fronts operating cloned websites, with artificial intelligence-generated text and clearly fake customer references.
Lesser said it was likely that individuals associated with Smiao created the network themselves for intelligence-gathering purposes, because they all rely on the same China-hosted Tencent server to run their websites, and all but one of them are using – or once did – a China-based email service called chengmail. Additionally, he said, four out of five of the sites share the same SSL certificate.
The FDD was also able to ascertain Smaio was likely the nexus of the covert operation. It has the oldest domain in the group, dating back eight years, and its homepage directs to an apparent parent company, Beijing Simiao Intelligent Information Technology Co Ltd, which is apparently a trademark application agency, officially recognised by China’s State Intellectual Property Office, and was registered as a company in 2012.
Notably, one of the companies, RiverMerge, appeared for a while to have an office in the US – the state of Colorado, to be precise – as well as Singapore, although these references were scrubbed from its website some time before 26 March 2025. US registries do show a company called RiverMerge Strategies LLC, formed in 2024, with a domain registered in Beijing and evidence of a shared phone number with Smiao.
The Chinese state has form dating back the best part of a decade when it comes to using recruitment websites to gather intelligence on US targets. Back in 2020, a Singapore national, Jun Wei Yeo, was sentenced to jail after obtaining more than 400 resumes, 90% of them from American military and government officials with some level of security clearance, and passing them to Beijing.
Nor have European targets been immune – a German intelligence report from eight years ago revealed how China was able to obtain data on 10,000 German citizens as potential intelligence sources, while in 2019, the French told a similar story. Two years ago, in 2023, British intelligence chief Ken McCallum revealed that 20,000 Britons had been approached in a similar manner.
In many cases, this targeting was conducted using legitimate job websites, including social network LinkedIn, which has been described as the “ultimate playground” for intelligence gathering.
It is not known if the operation targeting laid-off federal workers was successful, but the effort certainly comes at a dangerous time for the US, and an opportune moment for China as it seeks to exploit Trump’s unique approach to government and policymaking.
“This threat is heightened at a time when thousands of former and current federal workers are seeking new employment,” said Lesser. “If the public and private sectors do not act quickly to address these vulnerabilities, China and other adversaries will continue preying on former public servants who may not be aware of the threat and face pressure to find new jobs quickly.”
He called on the US government to take more active measures to raise awareness of this gathering cyber threat – such as sending representatives to discuss the issue in the media. It should also proactively work with the likes of LinkedIn and other networking sites to monitor potentially suspicious activity, such as job postings that explicitly seek out ex-government employees. LinkedIn could also implement more stringent Know Your Customer policies for people creating company pages on its site.
Lesser also called for Congress to exercise additional oversight through the Senate Select Committee on Intelligence and the House Permanent Select Committee on Intelligence.
Finally, Washington could also turn the situation to its advantage by creating sock puppet accounts to bait Chinese intelligence operatives into coming out of the shadows to make contact.
#chinese #cyber #spooks #lure #laidoff
·121 Visualizações