When the Job Offer Is a Trap: Chinese Espionage Campaign Targets Laid-Off Feds

Intelligence linkedin

In the aftermath of widespread downsizing across federal agencies, thousands of former employees turned to LinkedIn and online job boards in search of their next opportunity. Many of them never imagined that simply submitting a resume could make them a target for foreign intelligence.

A recent report from the Foundation for Defense of Democracies (FDD) warns that Chinese intelligence services are actively exploiting laid-off U.S. federal workers through a highly coordinated online recruitment campaign. The operation uses fake consulting firms, false job postings, and direct outreach to gather sensitive information from those who once held or supported national security positions.

A Familiar Tactic, Refined for a New Moment

This latest campaign is not based on hacking or malware. Instead, it is built around digital deception. Intelligence operatives are impersonating recruiters and consultants, using names like “RiverMerge Strategies” and “Tsubasa Insight” to lend credibility to fraudulent job offers. In several cases, these fake firms claimed to specialize in geopolitical risk or defense analysis, and even advertised positions located in Washington, D.C., or other strategic areas.

Applicants were encouraged to submit resumes and respond to job queries that asked for detailed accounts of previous work experience. Although the information requested may appear unclassified, it can be used to map out organizational structures, internal project timelines, and interagency collaboration. As FDD’s Max Lesser noted, even a resume can provide valuable insight into how the U.S. government operates.

The report identified five entities connected to the campaign, including one legitimate Chinese internet company and four shell firms with no real business activity. The websites associated with these groups were hosted on a single server owned by the Chinese tech giant Tencent, according to FDD.

Exploiting Post-Employment Vulnerabilities

China’s recruitment of current and former federal employees is not new. The 2020 conviction of Jun Wei Yeo, a Singaporean national who used LinkedIn and a fake firm to collect hundreds of resumes from cleared professionals, remains a cautionary example. What has changed is the context.

Many federal professionals today are navigating job loss, economic uncertainty, or early retirement. In this vulnerable moment, they are more likely to respond to what looks like a legitimate opportunity, especially if it appears to draw on their experience. This creates an opening for adversaries who understand both human behavior and the intricacies of the U.S. federal workforce.

The tactic is clever because it requires no technical intrusion. Instead, it relies on psychological insight and careful targeting. A resume sent in confidence becomes a source of exploitable intelligence.

Counterintelligence Starts with Awareness

While the campaign is focused on former federal employees, the risk does not stop there. Defense contractors, intelligence-adjacent professionals, and even state and local officials may be vulnerable to similar approaches. Anyone who works in proximity to sensitive government operations should be cautious when approached by unknown firms or recruiters, especially those offering overseas contracts or high-paying short-term roles.

Vetting unfamiliar companies through public records, checking domain registrations, and avoiding the disclosure of detailed project information in initial conversations are all smart practices. Suspicious outreach should be reported to security managers or federal authorities.

This is not a reason to avoid legitimate career transitions, but it is a reminder that counterintelligence is no longer limited to secure facilities or classified networks. In an era of digital outreach and remote work, the battleground includes your inbox, your LinkedIn messages, and the job boards you use.

A National Security Wake-Up Call

At a strategic level, this campaign reveals how adversaries are adapting to the shifting realities of the U.S. workforce. Layoffs, early retirements, and an increasingly digital hiring environment have created new opportunities for espionage that do not rely on hacking or bribery. Instead, they rely on appearing helpful, credible, and professional.

This moment calls for renewed attention to post-employment counterintelligence, particularly for those leaving public service with knowledge of critical systems or agencies. A well-timed job offer may not just be a scam. It could be part of a broader effort to map, understand, and ultimately exploit the institutions that protect the country.

What used to be the final step in a federal career may now be the first step in a new kind of threat.

Related News

Shane McNeil is a doctoral student at the Institute of World Politics, specializing in statesmanship and national security. As the Counterintelligence Policy Advisor on the Joint Staff, Mr. McNeil brings a wealth of expertise to the forefront of national defense strategies. In addition to his advisory role, Mr. McNeil is a prolific freelance and academic writer, contributing insightful articles on data privacy, national security, and creative counterintelligence. He also shares his knowledge as a guest lecturer at the University of Maryland, focusing on data privacy and secure communications. Mr. McNeil is also the founding director of the Sentinel Research Society (SRS) - a university think tank dedicated to developing creative, unconventional, and non-governmental solutions to counterintelligence challenges. At SRS, Mr. McNeil hosts the Common Ground podcast and serves as the Editor-in-Chief of the Sentinel Journal. All articles written by Mr. McNeil are done in his personal capacity. The opinions expressed in this article are the author’s own and do not reflect the view of the Department of Defense, the Defense Intelligence Agency, or the United States government.