Recent reporting has revealed that China appears interested in exploiting recent cuts made by the Department of Government Efficiency (DOGE) to the U.S. federal workforce by targeting individuals who have been let go with promises of employment in the hopes of obtaining classified information. According to a researcher from a Washington, D.C.-based think tank, Chinese intelligence has allegedly created a network of fake consulting firms and companies to entice recently unemployed federal employees with job opportunities for the purpose of extracting sensitive information to complement and even corroborate its understanding of U.S. programs. The researcher identified at least four such consultancies and recruitment companies, which, according to his findings, shared “overlapping websites” and were hosted on the same server. Of note, there was no indication that any former federal workers had been successfully recruited.
Once employed by these companies, the concern is that these former federal employees would be asked to share sensitive information about U.S. operations, policies, or knowledge about areas of interest to a foreign government. If the individual is unwitting, the employer may try to elicit sensitive material under the guise of the authorship of a policy white paper for an unidentified customer with the goal of pushing the individual further for more insightful information than is already publicly available. There is even the opportunity for the employer to ask the new employee if he knows other individuals in his or other fields that would want the chance to contract out on such papers as well.
Another concern expressed by current and former intelligence professionals is the disgruntled fired employee who might take the chance to willingly provide sensitive or classified data to foreign governments for retribution and financial compensation. According to four unidentified intelligence officers cited by one media outlet, China and Russia directed their intelligence services to engage in recruitment operations against these targets. It should be noted, though, that intelligence personnel do not need to be fired to engage in such practices. Individuals in sensitive positions with access to classified data have been caught doing this very thing in the past, whether in notable cases like Aldrich Ames and Robert Hanssen or in the more recent activities of army intelligence, navy engineers, and even a National Security Agency worker.
Still, regardless of the government behind them, states have for a long time been actively exploiting online platforms like LinkedIn and Reddit to further their intelligence collection efforts and the potential recruitment of these witting or unwitting sources. China has been engaged in this practice since at least 2017, when Chinese operatives used the platform to contact a GE aviation engineer. Several articles from U.S. military branches have warned of these practices as well, often outlining the tactics used by recruitment officers and the general themes expressed during their outreach to the targeted individuals. The professional network is a boon for legitimate and nefarious recruitment alike, and is even used by intelligence agencies as a vehicle to advertise their organizations and post job vacancies.
China and Russia are not the sole abusers of LinkedIn for intelligence asset recruitment. In February 2025, North Korea tried abusing the platform for its own unique purposes, targeting organizations by capturing credentials and delivering malware through fake LinkedIn job offers, per Bitdefender. Similarly, in 2024, Iranian cyber threat actors were observed targeting LinkedIn users by posing as employment recruiters with job offers designed to deceive recipients into running Windows-based malware. Given the professional focus of LinkedIn, the world’s largest professional network, as well as individuals’ penchants for listing their experience, including those who hold/held sensitive government and industry positions, it is unsurprising that governments’ intelligence apparatuses are active on it and able to use the platform’s private and semi-private browsing mode to peruse potential target profiles. To think that such subterfuge is solely done by the aforementioned governments would be shortsighted, not to mention that similar activity could be done by other threat actors to perpetrate cybercrime and industrial espionage.
Those who hold security clearances bear the responsibility for protecting classified material, controlling access to it, and not disclosing it to unauthorized people. The fact that any former federal employee holding such a privilege would consider betraying this trust out of spite would not only be disconcerting but would also suggest that the government should re-evaluate its clearance vetting procedure and to whom it grants clearances. However, the more pressing issue concerns former federal employees who are likely to work in the same subject area, but outside government channels. It’s clear that foreign adversaries still see them as viable sources of information or a conduit to gain access to it. These individuals likely do not receive the type of counterintelligence briefings necessary to identify the current tactics being used by foreign actors and so increase their awareness of the tradecraft. What’s more, they may not even have a way to report such intelligence approaches or know where to report them. Based on the anecdotes already cited, it’s evident that these types of approaches have been happening for several years, though the breadth of these campaigns remains a mystery.
There is a real opportunity for the government to keep former employees who once held or still may hold security clearances in the loop about these types of activities, particularly given their backgrounds and potential connections to bureaus or the people who work there. Additionally, former employees should always confirm the authenticity of individuals whenever possible, and through several trusted third-party sources, as one may not be enough and could unwittingly give a fraudulent recruiter false legitimacy. In the end, all former federal employees must be cognizant that even though they may not work in a sensitive position, their institutional knowledge and accesses are still valuable commodities, and bolstering their situational awareness will go far not only in enhancing their own security but also in helping ensure that national security is not compromised.