DOJ, FBI Seize 13 Websites Tied to Suspected Chinese Effort Targeting U.S. Clearance Holders

The Justice Department and FBI said Wednesday they seized 13 internet domains that authorities say were used by suspected Chinese agents posing as consulting firms to approach current and former U.S. security-clearance holders for sensitive information.

According to a Justice Department Office of Public Affairs press release issued June 10, the websites were used to target U.S. persons, including people with current or former security clearances and access to classified and other sensitive government information. The department said an affidavit filed to support seizure warrants alleges that, beginning in November 2023, conspirators created at least 13 fake consulting-company websites and used them, along with related job postings, to recruit current and former U.S. government and military personnel. The announcement did not include arrests, criminal charges or indictments.

Authorities described a recruiting operation built to look like ordinary online consulting work. According to the Justice Department’s summary of the affidavit, the alleged tactics included aliases, fictitious personas and stolen identities, as well as AI-generated photographs used to make recruiters appear real. The department said targets were offered large payments for reports, pressed for “exclusive” or “insider” information, and moved onto Telegram and other encrypted messaging apps. Payments allegedly were routed from overseas into U.S. bank accounts, including through cryptocurrency, to conceal the source of funds.

The fake opportunities were advertised under titles including “Senior Analyst” and “International Affairs Consultant,” the department said. Recruitment took place through job postings, social media and mainstream hiring and freelance platforms including Upwork, Expertia AI, Hubstaff Talent, Wellfound and Post Job Free.

The Justice Department said the affidavit alleges the domains were used in furtherance of bribery involving current and former public officials, identity theft and international money laundering. After the seizures, the FBI replaced the sites with seizure notices intended to make them inoperable and warn visitors.

Federal officials were careful in describing who was behind the effort. The department said the websites were “backed by suspected Chinese agents,” not that any such link had been proven in court. At the same time, DOJ said the conspirators denied any involvement by a foreign government.

The case closely tracks a broader warning issued just a week ago. On June 3, the Five Eyes intelligence partners — the United States, the United Kingdom, Canada, Australia and New Zealand — published a joint bulletin, “Safeguarding Our Secrets,” warning that China’s military intelligence services were using fake companies, professional networking sites and job platforms to target people with access to classified or privileged information. The methods described Wednesday by the Justice Department closely mirror that warning. Domain seizures are also a familiar disruption tool for DOJ and the FBI; the department used similar seizure banners in a separate March operation involving websites tied to an Iranian influence and hacking campaign.

John A. Eisenberg, the assistant attorney general for national security, said the operation showed how online recruiting can be used to pull Americans toward disclosing protected information. “These domain seizures offer a glimpse at how foreign actors can use promises of easy money to lure Americans into revealing sensitive or classified information that they are duty-bound to protect,” Eisenberg said.

The practical message from the government was straightforward: what appears to be paid research or consulting work online may in some cases be an attempt to collect classified or otherwise sensitive information from people once trusted with access to it.