A recent investigation has uncovered a network of China-linked recruitment sites and sham consultancies that explicitly targeted recently laid-off U.S. government employees. The operation used job postings on mainstream platforms to pull in people with government experience and, in some cases, security clearances.

The footprint is textbook tradecraft. Multiple sites were hosted on the same server, shared digital certificates and email infrastructure, and routed contact points back to obscure Chinese companies such as Smiao Intelligence and Shenzhen Si Xun, while listing U.S. addresses that led to empty lots or shell service providers. That pattern is not the accident of sloppy marketing. It is a staged facade designed to look plausible while hiding the true operator.

This is not an abstract risk. U.S. intelligence already assesses that foreign adversaries, including China and Russia, will accelerate recruitment of disgruntled or financially vulnerable federal employees after large workforce reductions. Analysts say adversaries direct operatives to hunt targets on LinkedIn, Craigslist and other platforms, and to exploit anyone who signals they are “open to work.” The recruitment websites Reuters identified fit exactly into that playbook.

There is a clear precedent for this style of operation. U.S. prosecutors in 2020 convicted Jun Wei “Dickson” Yeo for running a fake consultancy to spot and assess Americans with access to sensitive information, then passing their work on to Chinese handlers. The method is simple and effective: use flattering offers and small payments to build relationships that can later yield classified or operationally valuable knowledge.

Operational takeaway: treat these postings like phishing for people. A job advert is an intelligence contact if it asks for resumes from people with specific government roles, security clearances, or niche technical expertise. Recruiters that pressure for quick acceptance, avoid verifiable contact details, or route communications through foreign email domains are red flags. Reuters documented precisely these warning signs in the recent network.

What agencies and industry must do, now:

  • Reinstate and enforce exit and counterintelligence briefings. Every employee who leaves government service must be reminded, in writing and verbally, of continuing legal obligations on classified material and the penalties for unauthorized disclosure. This is basic, non-negotiable damage control.

  • Treat suspicious hiring as an intel problem. Agency security officers must be empowered to vet and block dubious third-party contractors, consulting hires, and unsolicited offers that target former staff. If a posting looks too neat a match for cleared experience, escalate and investigate rather than assume good faith.

  • Harden the referral chain. Employees who are approached should be taught to document correspondence, preserve evidence, and report approaches to their security office and the FBI counterintelligence squad. Early reporting prevents exploitation and produces indicators that can trace the operator.

  • Private platforms must act faster. LinkedIn, job boards and Craigslist are the vector. Platforms need better signals, faster takedowns, and a streamlined channel with U.S. counterintelligence to remove inauthentic corporate profiles masquerading as legitimate recruiters.

  • Continuous vetting and incentives matter. Maintain vetting of individuals with persistent access to sensitive programs. At the same time, provide transition assistance, counseling, and legitimate placement help for displaced federal staff so foreign offers lose their appeal.

This is not speculation. It is a repeatable, low-cost intelligence tactic amplified by social media and the churn of a disrupted workforce. The fix is bureaucratic and tactical, not technical. Make briefings mandatory, make reporting frictionless, and treat suspicious corporate recruiting as a national security incident. Do that and you blunt the simplest, lowest-tech path adversaries use to harvest American expertise.