Chinese intelligence services use LinkedIn to collect information from employees of Western companies

The FBI, the UK’s security service MI5 and the governments of Australia, Canada and New Zealand issued a joint warning about Chinese intelligence services. They are using job search sites and recruiting platforms, including LinkedIn, to make contact with employees of Western companies.

This is reported by TechCrunch. 

Their goal is to reach people capable of providing non-public information that could benefit Beijing.

More on the attackers’ methods and goals

According to the publication, agents of Chinese intelligence pose as online recruiters or representatives of staffing agencies who allegedly work on behalf of companies registered outside of China.

The purpose of such contacts is to obtain non-public information that could be useful to Beijing.

The warning states that Chinese military and intelligence structures seek to acquire military, political and economic information that could give China a strategic and tactical advantage over the countries of the Five Eyes alliance, which include the US, the UK, Australia, Canada and New Zealand.

Which employees interest China

Among the main targets of such operations are military personnel, individuals with security clearances, as well as journalists, researchers and think-tank staff who have access to non-public or specialized data.

Resumes and professional information posted on job platforms are used to select potential sources.

Even non-classified information can be valuable to intelligence if combined with other data to support decision-making or policy formation.

What LinkedIn says

In response to a request from TechCrunch, a LinkedIn representative said that creating fake accounts or using false information about a person violates the service’s rules.

The company added that it continues to detect and block accounts linked to state actors that abuse the platform.

Recall that at the end of May the Dutch Financial Intelligence and Investigation Service conducted searches at two of the country’s data centers and seized 800 servers from hosting companies WorkTitans and MIRhosting.

The confiscated web equipment was used by Russian hackers to organize cyberattacks on government institutions and the banking sector in Europe.

Also read: Cybersecurity for servicemembers. Are the Armed Forces of Ukraine protected and how have Russian cyberattacks changed