The United States and its closest intelligence partners have issued a rare coordinated warning that Chinese military intelligence is running a systematic recruitment campaign against security-cleared personnel via mainstream professional networking platforms.
Intelligence Lead
The Five Eyes intelligence alliance — comprising the United States, United Kingdom, Canada, Australia, and New Zealand — has published a joint advisory warning that Chinese military intelligence operatives are exploiting platforms including LinkedIn, Indeed, and Upwork to identify, approach, and recruit individuals with access to classified or sensitive government information. The campaign represents one of the most operationally sophisticated and broadly scaled human intelligence collection efforts attributed to Beijing, and targets personnel across defence, foreign policy, and security sectors within allied nations.
Situation Report
The joint advisory, published in early June 2026, identifies the People's Liberation Army Intelligence Support Force and affiliated civilian front operators as the primary actors behind the campaign. Operatives are assessed to construct credible professional personas, posing as employees of private consultancies, think tanks, or human resources firms before deploying job advertisements targeting foreign policy analysts, defence contractors, and individuals holding government security clearances.
Initial contact is designed to appear entirely routine. Targets receive connection requests or direct messages from apparently legitimate professional profiles. Those who respond are progressively drawn into a structured recruitment cycle: first asked to submit written analytical reports on topics including China-related trade policy, bilateral defence relations, or regional security dynamics. Compensation offered ranges from several hundred to several thousand US dollars per submission, delivered via PayPal, Western Union, or cryptocurrency channels to preserve operational distance.
Once an initial payment relationship is established, operatives escalate requests for more sensitive material and migrate contact to encrypted messaging platforms, including Signal and Telegram, in order to reduce exposure to platform monitoring. Security clearance holders, military personnel, and those with indirect access to government data — including academics, journalists, and think tank researchers — are assessed as primary target profiles. The campaign is not confined to current government employees; individuals who have recently left cleared positions and may retain residual access or institutional knowledge are also being approached.
Agencies including MI5, the FBI, the Canadian Security Intelligence Service (CSIS), ASIO, and New Zealand's Security Intelligence Service have all contributed to the advisory, marking a level of allied coordination in counterintelligence messaging that is rare in frequency and deliberate in its public visibility.
Background & Context
China's use of open-source platforms for intelligence recruitment is not a new phenomenon, but the scale and coordination of the current campaign marks a significant operational evolution. Previous iterations of this tactic, documented by the FBI and MI5 in prior years, relied more heavily on direct outreach to individuals at academic and defence conferences or via personal email. The migration to commercially mainstream hiring platforms represents a deliberate effort to exploit the legitimacy and volume of professional networking activity, where unsolicited contact carries reduced social suspicion.
The timing of the joint advisory is strategically significant. It arrives amid heightened scrutiny of Chinese intelligence activity across allied nations, a period marked by several high-profile prosecutions of individuals accused of passing information to Chinese handlers — cases in the United Kingdom, the United States, and Australia — and ongoing tensions over Taiwan, the South China Sea, and technology transfer controls. The advisory functions both as a public warning to potential targets and as a political signal to Beijing that allied counterintelligence services are operating in close coordination.
The Five Eyes public messaging strategy has shifted notably in recent years. Where intelligence agencies historically avoided public attribution and disclosure, the alliance has increasingly moved toward overt warnings — calculating that transparency serves a dual purpose: alerting potential recruits to the threat and demonstrating allied resolve to Beijing. The LinkedIn advisory follows similar joint warnings over state-sponsored cyber intrusion campaigns and influence operations.
Analysis & Assessment
The operational logic of the LinkedIn recruitment campaign is sound from an intelligence tradecraft perspective. Professional platforms provide cover, volume, and plausible deniability. An intelligence officer can approach dozens of potential assets simultaneously with minimal operational risk; failed approaches generate no significant blowback, while successful ones yield a scalable network of low-cost, compartmented sources. The use of analytical reports as an entry mechanism is assessed as particularly effective — it normalises the provision of information, conditions targets to the exchange relationship, and allows operators to assess the quality and sensitivity of an individual's knowledge before escalating.
The joint advisory is likely to produce a short-term increase in reporting by cleared personnel of suspicious approaches, which will in turn generate operational intelligence for allied counterintelligence services seeking to map the full scope of the network. However, the campaign's fundamental architecture — distributed, commercially embedded, and operating at significant removes from identifiable intelligence infrastructure — makes wholesale disruption difficult. Beijing is assessed to absorb the reputational cost of the advisory while continuing operations with modified tactics, including greater use of third-country front entities and non-Five Eyes platform alternatives.
The broader implication is structural. As the boundary between professional and intelligence activity continues to erode in the digital environment, the attack surface for human intelligence collection grows proportionally. Allied security services face a persistent tension between the economic openness required for innovation and the security constraints needed to protect classified knowledge — a tension that Beijing is deliberately and systematically exploiting.