The seizure of 13 domains operating as fake consulting firms confirms Beijing has moved human-source recruitment online — at industrial scale.

Intelligence Lead

Federal authorities have seized 13 internet domains operating as fake consulting firms built to recruit current and former US government and military personnel on behalf of suspected Chinese intelligence officers. The takedown, announced 10 June, confirms what counterintelligence officials have warned of for years: Chinese services have shifted human-source recruitment from in-person cultivation to scalable virtual operations run through professional networking and job platforms. The strategic significance lies less in the 13 domains than in the model they validate — recruitment as infrastructure, deployed at volume against the US clearance-holding population.

Situation Report

The Department of Justice confirmed the seizure of 13 domains associated with front companies including Centrik Global Consulting, Rightinfo Consulting, Finnacle-Vesper Consulting, CYDF Consulting, Pulse Wave Global, Catalyst Global Solutions, Horizzen, GeoIndopacific, and SafeSec Group. According to court documents, the campaign began in November 2023 and targeted current or former US government and military employees through job listings for consulting and analyst roles.

Officials confirmed the operators used aliases, fabricated personas, stolen identities, and artificial intelligence-generated photographs to lend the firms credibility. Once applicants engaged, handlers pressured them to produce research reports or supply insider information on topics of interest to the Chinese government. Tradecraft documented in the filings included encrypted messaging applications such as Telegram, overseas payments, cryptocurrency transfers, and online payment accounts registered under false names.

The seizure follows a joint advisory issued in the first week of June by the United States and its Five Eyes partners — the United Kingdom, Canada, Australia, and New Zealand — warning that Chinese intelligence services are aggressively using professional networking and job platforms to target military officers, intelligence personnel, and others with access to classified or sensitive material. The proximity of the two actions is assessed as deliberate sequencing: public warning first, enforcement action second.

Background & Context

Virtual recruitment is not a new Chinese tradecraft development, but its scale is. The pattern was first prosecuted prominently in the case of former CIA officer Kevin Mallory, recruited via a LinkedIn approach in 2017, and in repeated German and British domestic intelligence warnings of thousands of fake recruiter profiles targeting their officials. What has changed, assessed with high confidence, is the maturity of the infrastructure: registered companies, functioning websites, AI-generated staff photographs, and payment rails designed to obscure the foreign nexus.

The targeting logic is economic. Traditional human-source cultivation requires officers in place, cover, and time. A front-company web presence costs little, operates continuously, and lets targets self-select by responding to job listings — inverting the classic recruitment funnel. The approach also exploits a structural US vulnerability: a large population of cleared personnel transitioning to the private sector, where consulting offers from unfamiliar firms are routine rather than suspicious.

Analysis & Assessment

The assessment of this desk is that the domain seizures represent disruption, not defeat. Domain infrastructure is cheap and replaceable; the operating model — front consultancies harvesting cleared personnel through legitimate platforms — survives the takedown intact. Reconstitution under new corporate identities is judged highly likely within months, with migration toward freelance marketplaces and direct-approach messaging probable as job platforms harden.

The public, named nature of the action carries its own analytical weight. By publishing the front-company names and tradecraft details, the DOJ and FBI are prioritising inoculation of the target population over quiet monitoring of the network — a trade-off that suggests officials assessed the ongoing collection risk as outweighing the counterintelligence value of continued observation. Coordinated with the Five Eyes advisory, this points to an alliance-wide campaign of exposure intended to raise the cost and lower the yield of Chinese virtual recruitment. Whether exposure meaningfully degrades a model built on volume remains unproven; available reporting indicates approach attempts have grown, not shrunk, since earlier public warnings.