Summary:
A joint security bulletin issued by the MI5 and its Five Eyes partners—the United States, Canada, Australia, and New Zealand—warns of intensified Chinese intelligence operations targeting Western professionals via LinkedIn and similar platforms. Operatives from China's Ministry of State Security (MSS) and the People's Liberation Army (PLA) are using fake recruiter profiles and fabricated job offers to identify, approach, and recruit individuals with access to sensitive government, defence, and commercial information. The threat has grown markedly in scale and sophistication, with documented cases spanning all Five Eyes nations as well as key European allies, including Germany, France, the Netherlands, and Belgium. Particular concern is directed at professionals who publicly advertise security clearances or sensitive roles on LinkedIn, which intelligence agencies warn effectively functions as a targeting list for hostile actors. This report details the tradecraft employed, the sectors most at risk, documented cases across Five Eyes and allied nations, and the official mitigation guidance issued by partnering agencies.
Detailed Report
1. Joint Five Eyes Bulletin: Scope and Issuing Agencies
MI5, alongside the Federal Bureau of Investigation (FBI), the Canadian Security Intelligence Service (CSIS), the Australian Security Intelligence Organisation (ASIO), and the New Zealand Security Intelligence Service (NZSIS), has issued a coordinated bulletin warning of persistent Chinese intelligence efforts to recruit Western assets through professional networking platforms. The bulletin was distributed to government departments, defense contractors, academia, and other at-risk sectors, and was accompanied by public statements from senior intelligence officials in the UK and US. The warning reflects a consensus among Five Eyes agencies that the threat is both global and escalating, with China's MSS and PLA identified as the principal actors behind these operations.
2. Nature of the Threat: Tactics and Tradecraft
According to the bulletin and corroborating reports, Chinese operatives create convincing fake profiles on LinkedIn, posing as recruiters, consultants, or employees of legitimate-seeming firms. These profiles often claim to be based outside China and are used to post job advertisements for roles that would attract individuals with security clearances or sensitive expertise. Initial contact is typically made through LinkedIn's messaging system, with recruiters offering lucrative freelance or consulting opportunities. The recruitment process is gradual, often involving virtual interviews, requests for trial reports on strategic topics, and escalating to solicitations for privileged or classified information. Payments are routed through third-party platforms or cryptocurrency to obscure the source. In some cases, operatives employ classic espionage tactics such as honey traps and flattery, updated for the digital age.
3. Targeted Sectors and Individuals
The campaign targets a broad range of individuals across all Five Eyes countries, including government officials, military personnel (especially those in the Indo-Pacific), security clearance holders, academics, researchers, think tank staff, and journalists. The bulletin emphasizes that even former officials and private sector employees with knowledge of sensitive projects are at risk. Publicly available resumes and LinkedIn profiles are used to map organizational structures and identify high-value targets.
4. Scale and Platform Vulnerabilities
MI5 and ASIO have reported tens of thousands of approaches by suspected Chinese agents via LinkedIn and similar platforms in recent years. LinkedIn itself has acknowledged the removal of millions of fake accounts, with a significant portion linked to state-backed actors. The platform's encouragement of detailed work histories and minimal verification requirements make it particularly vulnerable to exploitation by foreign intelligence services. The use of AI-generated photos and deepfake technology has further increased the sophistication of fake profiles.
5. Historical Context: Documented Cases Across Five Eyes and Allied Nations
5A. United States
· Kevin Mallory, a former CIA officer, was contacted via LinkedIn by a Chinese agent posing as a recruiter. Mallory ultimately passed classified information to the MSS and was sentenced to 20 years in prison.
· Ji Chaoqun, a Chinese national in the US Army Reserves, used LinkedIn to gather information on engineers and scientists for Chinese intelligence. He was convicted of acting as an unregistered agent and sentenced to eight years in prison.
· Dickson Yeo, a Singaporean agent, used LinkedIn to recruit US military and government personnel for Chinese intelligence, resulting in a prison sentence.
· In early 2025, the FBI and private sector researchers identified a network of front companies, including RiverMerge Strategies, that posted job ads on LinkedIn targeting laid-off US federal workers and individuals with security clearances.
5B. United Kingdom
· MI5 estimates at least 10,000 UK nationals were approached by fake profiles linked to hostile states between 2016 and 2021.
· The MSS operative known as "Robin Zhang" contacted thousands of UK officials via LinkedIn, offering business opportunities and inducements.
· Christopher Cash and Christopher Berry were charged with providing information to China, highlighting ongoing risks, though the case was later dropped.
· The case of Christine Lee, accused of facilitating covert donations to British politicians, was preceded by similar online cultivation efforts.
· In November 2025, MI5 issued a public espionage alert naming two specific MSS recruiter personas, Amanda Qiu (BR-YR Executive Search) and Shirly Shen (Internship Union), as fronts for Chinese intelligence operations. These LinkedIn profiles were found to be conducting outreach at scale to Members of Parliament, parliamentary staff, economists, think tank employees, and government officials.
5C. Canada
· CSIS has documented repeated attempts to recruit Canadian researchers, academics, and defense contractors via LinkedIn, particularly in quantum computing, artificial intelligence, biotechnology, aerospace, and defense.
· CSIS has confirmed multiple interventions and ongoing investigations, and has warned that those advertising security clearances or sensitive backgrounds on LinkedIn are at heightened risk.
· Canadian media have reported cases of aerospace engineers and university researchers being approached by LinkedIn profiles linked to Chinese state-affiliated think tanks, offering consulting work or research collaboration as a pretext for extracting sensitive information.
5D. Australia
· In 2022, ASIO and the Australian government responded to attempts by Chinese-linked entities to recruit former Royal Australian Air Force pilots for PLA aviation training, often using LinkedIn as the initial contact point.
· Alexander Csergo (2023): Contacted via LinkedIn and recruited by Chinese operatives to provide intelligence on AUKUS, Quad, and lithium mining; first conviction under foreign interference laws.
· The Australian Senate's 2023 report on foreign interference through social media devoted a chapter to LinkedIn, highlighting its unique risks and recommending enhanced reporting and moderation requirements for professional networking sites.
· ASIO has also documented cases of academics and researchers in advanced technology fields being targeted for recruitment via LinkedIn, with offers of research collaboration or consulting work serving as cover for intelligence collection.
5E. New Zealand
· NZSIS 2023–2025 threat assessments have identified Chinese intelligence as the most persistent and sophisticated foreign actor, routinely using LinkedIn and similar platforms to identify and approach New Zealanders with access to sensitive information.
· NZSIS has confirmed at least one case where a foreign intelligence officer in New Zealand targeted a policy official via online networking; the approach was disrupted before any compromising information was exchanged.
5F. Broader NATO/EU Context:
· In Germany, the Federal Office for the Protection of the Constitution (BfV) publicly disclosed in 2017 that Chinese operatives had created over 10,000 fake LinkedIn profiles to target German nationals, including government officials, parliamentarians, and researchers. The 2024 annual report documented continued LinkedIn-enabled recruitment, including cases of German professors persuaded to deliver paid presentations to audiences with PLA links.
· In Belgium, Justice Minister Annelies Verlinden confirmed in 2026 that important information and intelligence may have reached China through fake LinkedIn profiles targeting NATO and EU staff, some of whom were paid for reports on EU sanctions and NATO strategy
· The Dutch General Intelligence and Security Service (AIVD) has designated China as the biggest threat to the Netherlands' economic security, citing LinkedIn-enabled targeting of researchers and government officials.
· In France, the domestic intelligence agency DGSI warned in 2019 that hundreds of French civil servants and business executives had been targeted by fake recruiter profiles linked to Chinese intelligence, prompting awareness campaigns within government and major corporations.
· In 2023, the former head of France’s foreign intelligence service publicly warned of a "massive espionage operation" by Beijing via social media, notably LinkedIn, targeting French officials and researchers.
· France24 reported in March 2026 that China used fake LinkedIn profiles to spy on NATO and EU institutions, confirming the ongoing nature of these operations
6. Advertising Security Clearances on LinkedIn
A recurring vulnerability highlighted in the bulletin and supporting advisories is the practice of professionals publicly advertising their security clearances or sensitive backgrounds on LinkedIn. Intelligence agencies warn that such disclosures create a "hunting list" for adversaries, making it easier for hostile actors to identify and approach high-value targets. In Australia, advertising a clearance online is prohibited and can result in a security incident report. Agencies in the UK and US urge professionals to use generic descriptors and share clearance information only in private with verified contacts.
7. Official Recommendations and Mitigation Steps
The Five Eyes agencies recommend several mitigation steps for individuals at risk:
· Avoid advertising security clearances or sensitive project involvement on public profiles.
· Scrutinize unsolicited connection requests, especially from recruiters or consultants with vague company details or generic profiles.
· Verify the legitimacy of recruiters and companies before engaging in detailed conversations.
· Report suspicious contacts to internal security teams or relevant authorities.
· Use privacy settings to restrict profile visibility and regularly audit networks for suspicious profiles.
· Participate in security awareness training and briefings provided by employers or government agencies.
Conclusion
The joint bulletin from MI5 and its Five Eyes partners underscores the persistent and evolving threat posed by Chinese intelligence operations on LinkedIn and similar platforms. Documented cases across all Five Eyes countries demonstrate that this is a proven tactic with significant national security implications. The report highlights the importance of vigilance, discretion, and proactive security measures for professionals in sensitive roles, emphasizing that online presence can serve as a targeting package for hostile actors.