The U.S. Department of Justice (DOJ) and FBI disabled 13 domains associated with a Chinese intelligence operation utilizing front companies, including Centrik Global and Rightinfo, to conduct social engineering attacks against U.S. government and military personnel. Since November 2023, threat actors leveraged AI-generated personas and professional freelance platforms to recruit targets for "consulting" roles. The campaign transitioned victims to Telegram and used cryptocurrency for payments to incentivize the exfiltration of sensitive national security data and classified research. Remediation involved the legal seizure of infrastructure and a wide-scale Army advisory distributed to over one million personnel.

  • Incident Overview: Intelligence Front Operations

    • Chinese intelligence services established a network of fake global consulting firms to target individuals holding high-level security clearances.
    • The primary objective was the illicit acquisition of U.S. national security priorities and sensitive research, including specific interests in Venezuela.
    • The campaign remained active from November 2023 until the coordinated law enforcement seizure of the operational websites.
  • Attack Vector: Social Engineering Mechanics

    • Recruitment began on professional job-market and freelance platforms using high-paying titles such as "Senior Analyst" and "International Affairs Consultant."
    • Actors utilized AI-generated profile photographs and stolen identities to build credibility and establish trust with targets.
    • Once targets were engaged, operatives moved communications to encrypted Telegram channels to avoid government monitoring and detection.
  • Technical Infrastructure and Financial Rails

    • The infrastructure comprised 13 seized domains, including those of front entities such as Finnacle-Vesper, CYDF, Pulse Wave Global, and SafeSec Group.
    • Payment rails utilized cryptocurrency and overseas accounts registered under false names to mask the financial trail back to the state actor.
    • Legitimate-looking "consulting" frameworks were used as a pretext to request the disclosure of classified internal documents.
  • Impact and Operational Scope

    • Target demographics included current and former U.S. officials, military personnel, and government contractors.
    • The Army responded by distributing a security advisory to over 1 million personnel to mitigate further exploitation.
    • The operation demonstrates a sophisticated shift toward "human-centric" intelligence gathering leveraging AI and digital freelancer economies.
  • Defensive Actions and Conclusion

    • The DOJ and FBI successfully neutralized the threat by seizing the operational domains and disabling the front companies' web presence.
    • Security professionals are urged to implement training focusing on AI-augmented social engineering and the risks of unsolicited professional outreach.
    • Strict enforcement of reporting requirements for clearance holders regarding foreign contact remains the primary defense against these personas.
