Cash-for-intel tradecraft continues to concern intelligence officials years after it was first spotted
MI5 and its international allies are once again warning that China is shopping for state secret leakers on popular recruitment platforms, including LinkedIn, Indeed, and Upwork.
In a fresh advisory published on Wednesday evening, the UK’s domestic counter-intelligence agency said China is using an increasing number of platforms to recruit those who have access to classified or privileged information.
Chinese military intelligence officers specifically target security clearance holders, including marks working in defense, security, and foreign affairs, military personnel, and those with indirect access to government information, such as academics, journalists, think tank employees, and others.
Anyone who fits the bill is being urged to remain vigilant to potential attempts from Chinese operatives to cultivate long-term relationships.
Successful candidates are pressured to provide 'non-public' information for unspecified clients who are associated with the Chinese government.
“These actors use an aggressive online recruitment strategy whereby intelligence officers or their affiliates pose as employees of private consultancies, think tanks, or human resources firms, and place online job advertisements for foreign policy and defence analysts (or similar),” the advisory [PDF] states.
“Successful candidates are pressured to provide 'non-public' information for unspecified clients who are associated with the Chinese government. China’s military intelligence services ultimately seek to acquire privileged military, political, and economic intelligence that can provide China with a strategic and tactical advantage over the Five Eyes.”
According to MI5, after the job and gig-work ads are posted online, China’s spies will rank the resumes they receive based on how likely a given individual is to have information of interest before interviewing them.
It warned that even by sending a resume over, which includes personal details, a person is risking their own security and privacy.
Targets face probing questions about who they know in government. For those in the military, they might be asked about where they were based, and what tasks they were responsible for.
After demanding potential recruits complete a trial report on matters related to China, the spies will often shift conversations to encrypted messaging platforms where recruits are offered payments in exchange for increasingly privileged information.
Payments may arrive through a number of online platforms, including reputable services like PayPal, Zelle, and Wise, to others more commonly associated with associated with illegality, such as Western Union and cryptocurrency.
MI5 closed out its advisory with a warning to anyone even considering a life of peddling secrets to China: doing so comes with severe consequences.
“Certain types of data can place the lives of frontline military or other personnel at risk, can weaken our economic prosperity, and enable interference in our democratic processes,” it said.
“Individuals engaged in the unauthorized disclosure of sensitive or classified information could face a number of consequences, including prosecution under national laws such as those relating to espionage.”
A common theme
This week’s admonition is far from the first issued by the UK in response to this particular aspect of Chinese spies’ tradecraft.
The most recent came in November when UK security minister Dan Jarvis reminded the UK's House of Commons that members should have received information about Chinese attempts to recruit parliamentarians through identical means.
In those information packs disseminated by MI5, Brit politicos were given the names of two online profiles that the counter-intelligence agency suspected of being involved in recruitment campaigns.
MI5 dished out an earlier warning in 2021, saying that around 10,000 Britons had been targeted by Chinese spies over the previous five years using work platforms, posing as headhunters.
The 10,000 figure, it added, was thought to be a conservative estimate, with the agency's head, Ken McCallum, saying workplace platforms were being exploited “on an industrial scale.”
The US said it was seeing similar tactics used when President Trump took office for the second time, which shortly after led to mass redundancies across federal agencies.
Experts at the Foundation for Defense of Democracies (FDD) named five supposed consulting companies targeting the recently jobless via LinkedIn, Craigslist, and others, all in search of state secrets.
The companies would present the fired workers with job opportunities, and as FDD senior analyst Max Lesser told The Register at the time, the layoffs, which began in February 2025, would have likely raised the risk level associated with state secrets being spilled. ®