You might think it's a genuine offer made to you on LinkedIn.
On the same platforms where careers are built and opportunities sought, a more calculated search has been quietly underway. Chinese intelligence operatives have been posing as recruiters on LinkedIn, Indeed, and Upwork, using the familiar language of professional advancement to identify and cultivate government and military insiders willing — knowingly or not — to trade state secrets for payment. In early June, MI5 and the Five Eyes alliance named the tactic openly, reminding us that in an age of digital connection, the oldest vulnerabilities — ambition, trust, financial need — remain the most exploitable.
- Chinese intelligence operatives have embedded themselves inside mainstream job platforms, using the unremarkable appearance of recruitment ads to hunt for security-cleared personnel.
- The operation moves in deliberate stages — from job posting to application screening to virtual interview to paid writing assignments — each step designed to extract more sensitive knowledge without triggering alarm.
- Targets extend well beyond government offices: academics, think tank researchers, and anyone holding a clearance are considered fair game, broadening the exposure considerably.
- MI5 has already identified specific fake profiles linked to China's Ministry of State Security, one of which made direct contact with a parliamentary researcher — a reminder that the threat is not theoretical.
- The Five Eyes alliance has issued a joint public warning and the UK government is pointing to recent prosecutions as proof it has the legal reach to act, while also investing £170 million in encrypted communications infrastructure.
- China's embassy has rejected the allegations entirely, framing the Five Eyes itself as the world's foremost espionage body — a counter-narrative that complicates the public's ability to assess the threat clearly.
On the job boards where thousands post their CVs each day, a quieter hunt has been underway. Chinese intelligence operatives have been posing as legitimate recruiters on LinkedIn, Indeed, and Upwork, using fake analyst positions to identify UK government and military staff with access to sensitive information. In early June, MI5 and the Five Eyes alliance — the intelligence partnership of the UK, US, Australia, Canada, and New Zealand — issued a joint warning laying bare how the scheme works.
The operation unfolds in careful stages. Fake job advertisements draw in applicants, who are then screened for security clearances or proximity to restricted areas. Promising candidates are invited to virtual interviews where conversation gradually shifts toward what they actually know — government contacts, military activities, classified access. A final step follows: a writing assignment on topics such as China's international relations or defence matters, designed to reveal the depth of an applicant's knowledge. Those who demonstrate useful insight are offered payment, sometimes up to a thousand dollars per report, routed through platforms that obscure the source.
The targets are broad. Academics, think tank researchers, and anyone holding a clearance are considered potential prey. MI5 had already flagged two specific LinkedIn profiles — Amanda Qiu and Shirly Shen — operating on behalf of China's Ministry of State Security. One had contacted a researcher working for Conservative MP Neil O'Brien, sending a poorly written job offer that O'Brien noted a less experienced junior employee might easily mistake for legitimate.
China's embassy dismissed the warning as false and malicious, calling the Five Eyes alliance itself the world's largest espionage organization. The UK government has taken a different view. Security Minister Dan Jarvis urged personnel to learn the warning signs of online targeting, pointing to recent prosecutions as evidence that authorities can hold accountable those acting for foreign states. A £170 million upgrade to encrypted government communications was also announced. Yet the persistence of the scheme suggests technology alone cannot resolve a problem rooted in something more human — the desire for work, income, and recognition. The Five Eyes warning is ultimately an appeal to awareness: know what you are being asked, and know what you might be giving away.
On job boards where thousands of people post their CVs each day, a quieter hunt has been underway. Chinese intelligence operatives have been posing as legitimate recruiters, posting fake analyst positions on LinkedIn, Indeed, and Upwork to identify and exploit UK government and military staff. MI5 and the Five Eyes alliance—the intelligence partnership of the UK, US, Australia, Canada, and New Zealand—issued a joint warning in early June laying bare the mechanics of this operation.
The scheme works in stages, each one designed to narrow the field of potential targets. Operatives begin by posting what appear to be genuine job advertisements on mainstream recruitment platforms. They then sift through the applications, looking for candidates with security clearances or access to sensitive areas. Those who pass this initial screening are invited to virtual interviews, where the conversation subtly shifts toward discovering what the applicant actually knows—their government contacts, their knowledge of military activities, their access to restricted information.
Once a candidate seems promising, the final test arrives: a writing assignment. Job applicants are asked to produce trial reports on topics carefully chosen to reveal what they know. The subjects range from China's international relations to defence matters. Those who complete these assignments and demonstrate useful knowledge are then offered payment—sometimes as much as a thousand dollars per report—funneled through payment platforms that obscure the source.
The targets are not limited to government workers. The Five Eyes warning identified academics, think tank researchers, and anyone holding security clearance as potential prey. In November, MI5 had already flagged two specific LinkedIn profiles operating on behalf of China's Ministry of State Security: accounts under the names Amanda Qiu and Shirly Shen. One of these accounts had reached out to Simon Whelband, a researcher working for Conservative MP Neil O'Brien. The message was poorly written English offering a job. O'Brien himself noted the vulnerability: a junior employee, less experienced in recognizing such tactics, might easily mistake the approach for a legitimate opportunity.
China's embassy in London dismissed the warning as false and malicious, turning the accusation back on the Five Eyes alliance itself, calling it the world's largest espionage organization. But the UK government has treated the threat seriously. Security Minister Dan Jarvis urged all government and military personnel to learn the warning signs of online targeting and to protect themselves against inadvertently compromising national security. He pointed to recent prosecutions as evidence that authorities have the legal tools to hold accountable those acting on behalf of foreign states.
The government has also invested in defences. A £170 million upgrade to encrypted technology used in government communications was announced the previous year, alongside new protections against Chinese cyber operations. Yet the persistence of the recruitment scheme suggests that technological fixes alone cannot solve a problem rooted in human vulnerability—the universal desire for a job, a paycheck, recognition of one's expertise. The Five Eyes warning is, in essence, an appeal to awareness: know what you're being asked, know who is asking, and know what you might be giving away.
Citas Notables
If you were more junior, you don't know what you're looking for. You might think it's a genuine offer that's made to you on LinkedIn.— Conservative MP Neil O'Brien, on the vulnerability of less experienced workers
I urge all government and military personnel to follow the National Protective Security Authority's advice to spot signs of online targeting and avoid inadvertently compromising our security.— UK Security Minister Dan Jarvis
La Conversación del Hearth Otra perspectiva de la historia
Why would someone working in government fall for a fake job offer? Don't they have security training?
They do, but the scheme is designed to exploit a gap between caution and normalcy. A LinkedIn message feels routine. The job sounds plausible. And if you're mid-career, looking for a change, the flattery of being recruited is real.
So the Chinese aren't trying to blackmail anyone or steal passwords. They just want information.
Exactly. They're after what you know—your contacts, what you've heard in meetings, what you understand about policy or military capability. That's worth money to them, and it's harder to trace than a data breach.
The trial report stage seems like the moment of truth. You're essentially proving you have access.
Right. By asking you to write about China's defence posture or government relations, they're testing whether you actually know anything worth paying for. It's a filter. Most people fail it and never hear from them again.
And the payment—a thousand dollars per report—that's not a fortune.
No, but it's enough. It's enough to make someone feel like they're being valued for expertise they have. It's enough to make the risk feel manageable, especially if you convince yourself you're not really betraying anything classified.
What makes this warning different from past ones?
The specificity. They named the fake profiles. They showed the exact platforms. They're not being vague about the threat anymore—they're saying this is happening now, to people you might know, and here's how to spot it.