惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

V
Vulnerabilities – Threatpost
T
The Blog of Author Tim Ferriss
S
SegmentFault 最新的问题
D
DataBreaches.Net
博客园_首页
罗磊的独立博客
B
Blog
T
Threat Research - Cisco Blogs
C
Cisco Blogs
GbyAI
GbyAI
Engineering at Meta
Engineering at Meta
WordPress大学
WordPress大学
G
GRAHAM CLULEY
H
Help Net Security
酷 壳 – CoolShell
酷 壳 – CoolShell
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC
爱范儿
爱范儿
SecWiki News
SecWiki News
T
Threatpost
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
Schneier on Security
Schneier on Security
T
The Exploit Database - CXSecurity.com
Google Online Security Blog
Google Online Security Blog
T
Tor Project blog
小众软件
小众软件
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
Y
Y Combinator Blog
H
Hacker News: Front Page
V
V2EX
Security Latest
Security Latest
Cloudbric
Cloudbric
Simon Willison's Weblog
Simon Willison's Weblog
Attack and Defense Labs
Attack and Defense Labs
D
Darknet – Hacking Tools, Hacker News & Cyber Security
P
Proofpoint News Feed
博客园 - 三生石上(FineUI控件)
NISL@THU
NISL@THU
S
Secure Thoughts
Blog — PlanetScale
Blog — PlanetScale
博客园 - 司徒正美
V2EX - 技术
V2EX - 技术
Vercel News
Vercel News
P
Palo Alto Networks Blog
IT之家
IT之家
MyScale Blog
MyScale Blog
有赞技术团队
有赞技术团队
Application and Cybersecurity Blog
Application and Cybersecurity Blog
D
Docker
Google DeepMind News
Google DeepMind News
Webroot Blog
Webroot Blog

GRAHAM CLULEY

The ransomware negotiator who was working for the other side Invited to a "job interview" with Netflix or OpenAI? Beware! Your Google password could be at risk Smashing Security podcast #475: JadePuffer - the AI that ran a ransomware attack all by itself Two arrested over credit card phishing - as the Netherlands is named Europe's worst for payment fraud The Gentlemen ransomware: what you need to know Smashing Security podcast #474: Polymarket can predict the future. So how did it miss this hack? Scammers race to cash in on Venezuelan earthquake disaster USB drives carrying China-linked malware infected Japanese military networks for nearly a year Smashing Security podcast #473: How a hacker could have Rickrolled the entire World Cup Hacker hijacks Brazil's national alert system, sending "misanthropy" to millions of phones Apple's Hide My Email tweak leaves privacy fans fuming Imposter scams cost Americans $3.5 billion in 2025 – and it’s getting worse Smashing Security podcast #472: AI gets hacked, and BitLocker gets bypassed Maine forced to take down data breach portal after fake notices filed with authorities Privacy own-goal: World Cup blunder leaks Lionel Messi's passport details Silent Ransom Group: what you need to know Smashing Security podcast #471: This AI worm just rewrote its own rules Why schools remain one of cybercriminals' favourite targets Meta’s own AI chatbot to blame for Instagram accounts being stolen in seconds Smashing Security podcast #470: This AI security flaw might be impossible to fix Police arrest man following hack of Ajax football club MyPillow listed on ransomware gang's leak site, but denies it has been breached Smashing Security podcast #469: What your Oura ring won’t tell you FBI warns of Kali365 phishing kit that breaks into Microsoft 365 accounts — no password required Defenders fall behind, as AI rewrites the rules of a data breach Smashing Security podcast #468: High-speed train hacks and homicidal lawnmowers FBI warns students and staff that ShinyHunters may come knocking after Canvas breach Suspected Dream Market kingpin arrested after gold bars sent to his home address When ransomware gets physical: cybercriminals turn to threats of violence Smashing Security podcast #467: How ShinyHunters hacked the world’s biggest universities One in eight UK workers has sold their company passwords, and bosses think it’s fine Inside Department 4: Russia's secret school for hackers Sri Lanka makes 37 arrests as it raids another scam centre Smashing Security podcast #466: Meta sees everything, Copy Fail, and a deepfake gets hired Teenager alleged to be Scattered Spider hacker arrested in Finland, faces US extradition Iran-linked Handala hackers leak US Marines data, send chilling WhatsApp threats Smashing Security podcast #465: This developer wanted to cheat at Roblox. It cost millions Alleged Silk Typhoon hacker extradited to the United States to face charges French police arrest 21-year-old "HexDex" hacker over 100 alleged data breaches Smashing Security podcast #464: Rockstar got hacked. The data was junk. The secrets it revealed were not Singer loses life savings to fake wallet downloaded from the Apple App Store Sometimes changing the password on your email mailbox isn’t enough 108 malicious Chrome extensions caught stealing Google and Telegram data from 20,000 users AI and cryptocurrency scams are costing Americans billions, FBI reports Life imprisonment for Cambodian scam compound operators - but will it make a difference? Nigerian romance scammer jailed after being caught out by fellow fraudster Alleged RedLine malware developer extradited to United States Iranian hackers breach FBI director's personal email, and post his CV and photos online World Leaks data extortion: What you need to know How one man used 10,000 bots to steal $8,000,000 from music artists Denver's crosswalks hacked to broadcast anti-Trump messages LeakNet ransomware: what you need to know Free parking in Russia after Distributed Denial-of-Service attack knocks city's parking system offline Fraudsters are using public planning records to target permit applicants Your Signal account is safe - unless you fall for this trick Twitter suspended 800 million accounts last year — so why does manipulation remain so rampant? How hackers bypassed MFA with a $120 phishing kit - until a global takedown shut it down They seized $4.8m in crypto... then gave the master key to the internet
Got a LinkedIn message from a recruiter? It might be Chinese intelligence, warn FBI and MI5
Graham CLULEY · 2026-06-06 · via GRAHAM CLULEY

If you've ever received an out-of-the-blue message via LinkedIn from a recruiter offering some well-paid consultancy work, intelligence agencies have a message for you: be very careful.

A joint bulletin published earlier this week by the FBI, MI5, Australia's ASIO, Canada's CSIS, and New Zealand's NZSIS has warned that China's military intelligence services are actively using professional networking sites and online job platforms to recruit Western workers into handing over sensitive information.

According to the bulletin, entitled "Safeguarding Our Secrets", Chinese intelligence officers - or third parties acting on their behalf - are posing as employees of private consultancies, think tanks, and HR firms.

These fake "cover companies" reportedly pretend that they are based outside China in order to give them an air of legitimacy, and are said to be mostly targeting people whose career has ever touched government, defence, or foreign policy.

The bulletin describes the different stages of the operation.

Firstly, adverts for jobs are posted on platforms including LinkedIn, Indeed, and Upwork, and CVs of respondents are ranked based upon the likelihood that the applicant may have access to sensitive information.

Online interviews follow, during which recruiters conceal their true identity and probe job applicants about any government contacts they might have. Military applicants, meanwhile, may be asked about their roles, unit activities, home base, or even the naval vessel they serve upon.

Successful candidates are then asked to write a trial report on a seemingly innocuous topic. According to the advisory, topics include China's bilateral relations, the Indo-Pacific region and related defence issues, and international trade.

With a working relationship established, recruits are told that further work will require more privileged material, and the conversation shifts to an encrypted messaging app.

Job seekers may be pleased to learn that they will paid anywhere between a few hundred and several thousand dollars per report - with payments made via platforms such as PayPal, Payoneer, Zelle, Skrill, Wise, Western Union, or digital cryptocurrency.

According to the intelligence agencies, targets do not need security clearances to be of use to Chinese spies. Even unclassified information on government policy, military strategy, or capabilities can be combined with more sensitive material to form what the agencies call "a comprehensive operational picture."

Potential targets, according to the bulletin, include academics, journalists, freelance writers, and think tank employees.

Even if you were to apply for a job and go no further, there are said to be risks. Western agencies warn that just submitting a CV containing your employer history, specialist knowledge, and details of professional contacts has am intelligence value.

The Five Eyes intelligence agencies behind the publication of the advisory say that they have already identified individuals who have undertaken activities for China, and that they face potential criminal prosecution, the loss of their jobs, and revocation of security clearances.

Potential targets are urged to treat unsolicited approaches with scepticism, particularly if a job opportunity appears peculiarly well-targeted to your specific background, or if the online conversation is moved quickly to an encrypted messaging app.

China has predictably rejected the bulletin, describing its allegations as "entirely fabricated" and "malicious slander," before describing Five Eyes members as being the real threat to international stability.