
FBI Disrupts Chinese Spy Websites Targeting US Security Clearance Holders

Thirteen websites — set up to look like legitimate consulting firms and aimed at people with U.S. security clearances — were seized this week by the FBI and the Justice Department, officials said.

FBI and DOJ seize 13 domains tied to alleged intelligence collection

In a press release, the Department of Justice said the seized domains were created to advertise vague, well‑paid consulting roles aimed specifically at security‑clearance holders. According to court documents cited by the DOJ, the campaign began in November 2023 and sought to entice current and former U.S. officials and military personnel into producing research reports or sharing insider information on topics of interest to the Chinese government.

The domains were linked to firm names including Centrik Global Consulting, Rightinfo Consulting, Finnacle‑Vesper Consulting, CYDF Consulting, Pulse Wave Global, Catalyst Global Solutions, Horizzen, GeoIndopacific, SafeSec Group and others. The takedowns were described by the Justice Department as the latest U.S. government effort to disrupt foreign intelligence schemes that blend online recruiting and financial incentives to reach Americans with access to sensitive national security information.

Recruiting playbook: job sites, fake personas, encrypted apps and cryptocurrency

The DOJ said the operators used a mix of techniques to create credibility and mask true control. The campaign relied on familiar job‑market platforms and freelance sites to advertise positions such as “Senior Analyst” and “International Affairs Consultant.” Operators used aliases, fake personas, stolen identities and artificial‑intelligence‑generated photographs to make the companies appear legitimate, the affidavit supporting the seizure warrants stated.

The alleged scheme also involved encrypted messaging apps, including Telegram, overseas payments, cryptocurrency, and online payment accounts registered under false names. Prosecutors described a recruitment chain that combined online job listings, private messaging and payment channels to reach and reward targets.

Past reporting shows pattern of sham consulting firms and outreach

U.S. reporting from earlier this year documented related contacts that fit the same pattern. Nextgov/FCW reported in January that a suspected Chinese intelligence outfit contacted a former senior State Department official late last year, offering payment for an assessment of U.S. policy priorities in Venezuela. The person who reached out claimed affiliation with a sham consulting firm that had appeared in research first reported by Nextgov/FCW the previous September; that research assessed the firm was part of a broader network of fake companies tied to China.

Army memo from Lt. Gen. Anthony R. Hale and the workforce context

The Justice Department framed the seizures against a backdrop of personnel instability inside the U.S. federal workforce. Waves of federal layoffs over the past year, DOJ materials said, have pushed thousands of government employees and contractors into an uncertain job market and created renewed collection opportunities for foreign intelligence services.

In a rare public disclosure intended to highlight the risk, Army Deputy Chief of Staff for Intelligence Lt. Gen. Anthony R. Hale issued a memo in November warning that foreign adversaries are targeting soldiers, civilians and their families through fake companies and phony recruiters. The advisory was sent to more than a million personnel across the Army and later to members of the media, the DOJ’s summary noted.

What this means for security‑clearance holders, policymakers, and technologists

  • Security‑clearance holders and military personnel: The campaign’s reported use of familiar job platforms, well‑paid but vague roles, encrypted messaging and overseas payments suggests individuals who are seeking outside work or freelance income could be particularly vulnerable and should be wary of unsolicited offers that request insider information.
  • Policymakers and agency leaders: The DOJ presentation ties the activity to broader workforce trends, noting that layoffs and employment uncertainty can create collection opportunities. That linkage frames personnel stability and outreach to at‑risk staff as part of mitigation planning.
  • Technologists and security teams: The combination of public job marketplaces, AI‑generated imagery, stolen identities and cryptocurrency payments underscores the need for detection controls around recruitment channels, verification of prospective contractors and scrutiny of payment flows tied to external consultants.

The seizures reflect a law‑enforcement intervention against an online recruiting model that leverages commercial platforms, synthetic personas and covert payment methods to harvest sensitive information. The Justice Department framed the action as one element of broader disruption efforts; the record left in the public filings and the Army’s memo shows how personnel churn and the proliferation of digital tools have been folded into a targeted approach.
