China's AI Espionage Machine Targets Cleared Americans Online
Chinese intelligence agencies are using AI-generated profiles and professional networking sites to recruit Americans with security clearances, with the FBI seizing 13 fake consulting websites in a takedown of one sophisticated operation.
Chinese intelligence operatives have turned artificial intelligence and professional networking sites into weapons, systematically hunting down Americans who hold security clearances and could hand over classified information with a keystroke.
The FBI seized 13 fake consulting websites on June 10, confirming that Beijing has evolved its espionage playbook to exploit the digital footprints of cleared government and military personnel.
The takedown exposes a stark vulnerability in how the nation's most sensitive workers navigate professional life online.
The seized domains included Centrik Global Consulting, Rightinfo Consulting, Finnacle-Vesper Consulting, and Catalyst Global Solutions. All four sites launched in November 2023 with a single mission: recruiting Americans who carry security clearances and access to classified information.
The Justice Department accused the operators of conspiracy to commit bribery, identity theft, and international money laundering.
The conspirators built convincing corporate facades using AI-generated employee photographs, stolen identities, and encrypted messaging through Telegram. They offered "relatively large payments for research reports" through cryptocurrency and overseas payment platforms to obscure their operations, according to an FBI affidavit.
Professional networking platforms became the primary hunting ground for the state-sponsored campaign. Recruiters posted positions as "Senior Analyst," "Defense Analyst," and "International Affairs Consultant" on LinkedIn, Upwork, Expertia AI, and other sites, specifically targeting cleared Americans.
Seven unnamed individuals were recruited through the websites. Recruiters pressed them for "exclusive" or "insider" information on topics spanning China-US relations, Iran, and the Israel-Palestine conflict.
A Five Eyes intelligence alliance bulletin issued June 4 warned that Chinese military intelligence services are exploiting professional networking sites to target government and military personnel with classified access. MI5 Director General Ken McCallum described an operation involving more than 20,000 people contacted via LinkedIn and similar platforms.
Naval Criminal Investigative Service assessments from March 2025 show foreign adversaries actively exploiting federal workforce reductions to recruit disgruntled cleared workers.
This recruitment campaign operates within a broader Chinese national security strategy that includes simultaneous cyber threats. The Volt Typhoon botnet targeting US critical infrastructure has been revived following a 2024 disruption, while the related JDY botnet has grown to more than 1,500 compromised devices as of June 2026.
American Security Project data reveals 224 Chinese Communist Party-related espionage cases identified from 2000 to 2023, with about 80 percent of espionage prosecutions since 2018 involving conduct that benefited the CCP.
"The fake consulting company domains seized by the FBI illustrate the lengths the Chinese government's intelligence services will go to as they try to use AI-generated content to trick, recruit, or coerce current and former US security clearance holders into sharing sensitive information," said Roman Rozhavsky, assistant director of the FBI Counterintelligence and Espionage Division.
The Five Eyes bulletin states China's military intelligence services "are using an increasingly wide array of professional networking sites and online job platforms to target Five Eyes government and military personnel."
Chinese officials dismissed the allegations as "entirely fabricated" and "malicious slander." The CCP-affiliated Global Times called the narrative "nothing more than a case of 'thief crying stop thief.'"
These denials clash with the documented evidence of 13 seized domains, AI-generated profiles, and the FBI affidavit detailing how operators used fake companies to solicit classified information. The operation's sophistication—involving contracts, nondisclosure agreements, and cryptocurrency payments—demonstrates systematic state sponsorship rather than isolated criminal activity.
The investigation began when targets recognized suspicious interactions and reported them to authorities.
"A lot of this information came from doing interviews, interviews with people who came forward that something didn't seem right," said FBI Special Agent Dan Wierzbicki. "They provided information and said, 'Hey, this is kind of weird, we're kind of getting paid by a cryptocurrency or an online payment system that's not typical.'"
The seizure is a civil domain action, and no criminal indictments have been filed against the overseas operators, leaving the underlying operational capability intact. FBI officials believe other websites serve similar purposes and are seeking public assistance to identify them.
The limited response highlights the need for more aggressive counterintelligence measures beyond domain seizures.
China has made economic espionage "a central component of its national strategy," according to FBI Director Chris Wray. The recruitment sites, Volt Typhoon botnet revival, and AI-driven influence operations represent coordinated tracks of a broader intelligence effort targeting American innovation and national security.
With federal employment down by 59,000 since January 2025 due to administration workforce reductions, the pool of vulnerable cleared personnel has expanded significantly.
The operation demands immediate policy action, including stricter social media vetting for cleared personnel and enhanced digital literacy training. Professional networks that aggregate individuals with access to classified information have become critical vulnerabilities that Beijing systematically exploits.
Behind every seized domain and every recruitment attempt stands an American worker who trusted a digital handshake. The question now is whether the government will protect them before Beijing's intelligence services find the next target.