When the Job Offer Is a Trap: Chinese Espionage Campaign Targets Laid-Off Feds

Intelligence linkedin

In the aftermath of widespread downsizing across federal agencies, thousands of former employees turned to LinkedIn and online job boards in search of their next opportunity. Many of them never imagined that simply submitting a resume could make them a target for foreign intelligence.

A recent report from the Foundation for Defense of Democracies (FDD) warns that Chinese intelligence services are actively exploiting laid-off U.S. federal workers through a highly coordinated online recruitment campaign. The operation uses fake consulting firms, false job postings, and direct outreach to gather sensitive information from those who once held or supported national security positions.

A Familiar Tactic, Refined for a New Moment

This latest campaign is not based on hacking or malware. Instead, it is built around digital deception. Intelligence operatives are impersonating recruiters and consultants, using names like “RiverMerge Strategies” and “Tsubasa Insight” to lend credibility to fraudulent job offers. In several cases, these fake firms claimed to specialize in geopolitical risk or defense analysis, and even advertised positions located in Washington, D.C., or other strategic areas.

Applicants were encouraged to submit resumes and respond to job queries that asked for detailed accounts of previous work experience. Although the information requested may appear unclassified, it can be used to map out organizational structures, internal project timelines, and interagency collaboration. As FDD’s Max Lesser noted, even a resume can provide valuable insight into how the U.S. government operates.

The report identified five entities connected to the campaign, including one legitimate Chinese internet company and four shell firms with no real business activity. The websites associated with these groups were hosted on a single server owned by the Chinese tech giant Tencent, according to FDD.

Exploiting Post-Employment Vulnerabilities

China’s recruitment of current and former federal employees is not new. The 2020 conviction of Jun Wei Yeo, a Singaporean national who used LinkedIn and a fake firm to collect hundreds of resumes from cleared professionals, remains a cautionary example. What has changed is the context.

Many federal professionals today are navigating job loss, economic uncertainty, or early retirement. In this vulnerable moment, they are more likely to respond to what looks like a legitimate opportunity, especially if it appears to draw on their experience. This creates an opening for adversaries who understand both human behavior and the intricacies of the U.S. federal workforce.

The tactic is clever because it requires no technical intrusion. Instead, it relies on psychological insight and careful targeting. A resume sent in confidence becomes a source of exploitable intelligence.

Counterintelligence Starts with Awareness

While the campaign is focused on former federal employees, the risk does not stop there. Defense contractors, intelligence-adjacent professionals, and even state and local officials may be vulnerable to similar approaches. Anyone who works in proximity to sensitive government operations should be cautious when approached by unknown firms or recruiters, especially those offering overseas contracts or high-paying short-term roles.

Vetting unfamiliar companies through public records, checking domain registrations, and avoiding the disclosure of detailed project information in initial conversations are all smart practices. Suspicious outreach should be reported to security managers or federal authorities.

This is not a reason to avoid legitimate career transitions, but it is a reminder that counterintelligence is no longer limited to secure facilities or classified networks. In an era of digital outreach and remote work, the battleground includes your inbox, your LinkedIn messages, and the job boards you use.

A National Security Wake-Up Call

At a strategic level, this campaign reveals how adversaries are adapting to the shifting realities of the U.S. workforce. Layoffs, early retirements, and an increasingly digital hiring environment have created new opportunities for espionage that do not rely on hacking or bribery. Instead, they rely on appearing helpful, credible, and professional.

This moment calls for renewed attention to post-employment counterintelligence, particularly for those leaving public service with knowledge of critical systems or agencies. A well-timed job offer may not just be a scam. It could be part of a broader effort to map, understand, and ultimately exploit the institutions that protect the country.

What used to be the final step in a federal career may now be the first step in a new kind of threat.

Related News

Dr. Shane McNeil is a graduate of the Institute of World Politics, where he specialized in statesmanship and national security. His scholarship focuses on strategic competition, counterintelligence, and the philosophical foundations of American national defense. Dr. McNeil is the founding director of the Sentinel Research & Policy Institute (SRPI), a nonprofit think tank dedicated to developing innovative, non-governmental solutions to contemporary national security challenges. At SRPI, he hosts the Common Ground podcast and serves as Editor-in-Chief of the Sentinel Journal, leading research initiatives and mentoring emerging scholars in intelligence and national security studies. Previously, Dr. McNeil served as the Counterintelligence Policy Advisor on the Joint Staff, where he contributed to national defense strategy and counterintelligence policy development. He has also held senior leadership roles within the defense and intelligence community, bringing operational and strategic experience to his academic and policy work. In addition to his professional service, Dr. McNeil is a prolific freelance and academic writer, publishing on topics including counterintelligence, national security strategy, and data privacy. He has served as a guest lecturer at the University of Maryland, teaching on data privacy and secure communications. All articles written by Dr. McNeil are authored in his personal capacity. The opinions expressed are solely his own and do not reflect the views of any former employer or affiliated institution.