Safeguarding Our Secrets: National and Corporate Espionage via Online Job Platforms

In a recent “Safeguarding Our Secrets” alert, UK partners within the Five Eyes community set out how China’s military intelligence services are using Western online job platforms to target people with access to sensitive information. The same methods now threaten both national security and corporate secrets, blurring the line between traditional espionage and economic espionage against companies.

This article forms part of Hermes Digital’s Insights series on power, exposure and digital control, examining how state-sponsored online recruitment exploits professional networks, freelance marketplaces and virtual hiring to reach the same pool of talent in government, academia and the private sector. Understanding this recruitment model is now baseline tradecraft for anyone whose work touches privileged information.

What is online-recruitment espionage? Online-recruitment espionage is the use of professional networking sites, job boards and freelance marketplaces by state intelligence services to identify, approach and cultivate people with access to sensitive national-security or corporate information. Recruiters pose as consultants or HR staff for plausible cover companies and escalate gradually—from legitimate-looking analytical tasks to paid requests for non-public material—so the target rarely recognises the approach as espionage until it is well advanced.

Online Recruitment as a State Espionage Tactic

According to the alert, Chinese military intelligence services now rely on a wide range of professional networking sites and online hiring platforms to identify and approach potential sources. Intelligence officers or their affiliates pose as HR recruiters or consultants for plausible “cover companies” that look like consultancies, think tanks or research firms operating from Western jurisdictions.

They publish job adverts for roles such as foreign policy analyst, defence researcher or trade consultant, with selection criteria quietly optimised for likely access to sensitive material. Successful applicants are drawn into a recruitment process that gradually shifts from legitimate-sounding analytical tasks to the provision of “non-public” insights for unnamed clients aligned with the Chinese state.

Who Is at Risk: Government, Military and Peripheral Access

The alert highlights traditional high-risk categories: security-cleared officials in defence, foreign affairs and security and intelligence, and military personnel, particularly those stationed in the Indo-Pacific region. These individuals can answer detailed questions about unit activities, regional capabilities, operational routines and policy intent.

Equally important are those with indirect or peripheral access to government information. Academics, journalists, freelance writers and think-tank employees working on defence, security, policy and economic issues may underestimate the value of their knowledge. Yet their insights, when stitched together, can provide an adversary with context and nuance that more classified sources cannot easily supply.

The Five-Stage Espionage Recruitment Playbook

The “Safeguarding Our Secrets” document sets out a five-stage recruitment pattern that applies across both public-sector and private-sector targets. Recognising these stages is central to defending against state-sponsored recruitment and its corporate-espionage extensions.

1. First contact on job and gig platforms. Recruiters post adverts on platforms such as LinkedIn, Indeed and Upwork, then rank CVs by the candidate’s likely access to sensitive information. Those with suitable roles, clearances, or sector experience receive personalised outreach and invitations to discuss ostensibly legitimate opportunities.
2. Virtual interviews to map access and networks. Interviews are conducted online. The interviewer conceals their true identity while probing for details of current and previous roles, units, locations, activities and high-value contacts in government or industry. The aim is to map what the person knows, who they know, and how they might be positioned inside wider systems.
3. Trial reports on foreign policy and trade. Candidates are set trial tasks that mirror genuine analytical work: reports on China’s bilateral relationships, Indo-Pacific security dynamics, or international trade and economic issues. These tasks appear routine and often draw on open sources, but they help confirm expertise and normalise the idea of being paid for insight.
4. Escalation and shift to “secure” channels. Subsequent requests are framed as requiring more privileged or internal information—non-public assessments, internal briefings, or operational details. At this point, the relationship is usually moved onto encrypted messaging applications or other “secure” channels to reduce visibility and make the interaction feel more exclusive.
5. Payment for increasingly sensitive information. Recruits may be paid from a few hundred to several thousand dollars per report. Payments flow through third-party services such as PayPal, Payoneer, Zelle, Skrill, Wise, Western Union, e-transfer or cryptocurrency, often from accounts belonging to people the recruit has never met. Over time, this normalises a transactional relationship around non-public information.

Why “Unclassified” Information Still Matters for National Security

The alert is clear that many applicants targeted through these schemes do not hold formal access to highly classified material. They may believe that what they are sharing is “only unclassified” or “just context.”

However, unclassified information about government policy, military strategy, capabilities and installations can be collected and combined with more sensitive reporting to create a comprehensive operational picture. Seemingly small details about basing, routines, logistics, or planning horizons may be low-risk in isolation but high-value in aggregate.

Such composite insight can endanger frontline military and other personnel, weaken economic prosperity and enable interference in democratic processes across the Five Eyes nations. For individuals, unauthorised disclosure of sensitive or classified information can result in prosecution under espionage and national-security laws, job loss, and security-clearance revocation.

Corporate Espionage: From State Secrets to Trade Secrets

The same state-sponsored espionage ecosystem that targets officials also targets companies for intellectual property and commercially sensitive data. Many of the technologies and capabilities that underpin national power—advanced manufacturing, telecommunications, AI and machine learning, semiconductors, life sciences, energy systems—are designed, built and operated by private firms.

In this context, “economic intelligence” and corporate secrets include source code, model weights, training datasets, design files, manufacturing processes, customer lists, non-public pricing, bids, strategic partnerships, and merger or acquisition plans. The theft of such trade secrets can erase years of research and capital investment, compress development timelines for competitors and accelerate adversary military modernisation that relies on dual-use technologies.

How State-Sponsored Actors Conduct Corporate Espionage

State-aligned actors blend human intelligence, cyber intrusion and supply-chain compromise to conduct corporate espionage. The online recruitment model described in the alert is one human-intelligence technique among several, but it integrates readily with technical operations.

A cultivated insider—an engineer, systems administrator, data scientist or analyst—can be encouraged, over time, to provide architecture diagrams, configuration screenshots, internal documents or data extracts that bypass formal security controls. These requests may be framed as “background detail” for a report or “technical clarification” for a research project.

In parallel, related actor sets may conduct targeted phishing campaigns, exploit unpatched systems, abuse cloud credentials or compromise managed service providers and other third parties to gain persistent access to corporate networks. Human access acquired through online recruitment can help refine targeting, circumvent monitoring, or validate data stolen through technical means. Mapping this combined exposure is the remit of digital threat intelligence, which assesses both the human and technical attack surface together rather than in isolation.

Individuals at the Intersection of National and Corporate Security

Professionals increasingly move between government, academia, defence contractors and commercial firms, carrying knowledge and professional networks across institutional boundaries. This cross-pollination is normal and often desirable; it strengthens innovation and policy-industry understanding.

For state-sponsored recruiters, it also increases the value of individuals as targets. A single person may have experience of government decision-making, defence projects and commercial implementation. Recruitment presented as a prestigious consultancy role, a think-tank project or a side-gig on a freelance platform can, in practice, be a route for both national-security information and corporate secrets to leak over time.

The result is that what appears to be a narrow interaction with one company or department can, in fact, be part of a longer-term effort to build a multi-sector picture of capabilities, vulnerabilities and intentions across states and markets.

Consequences for People, Organisations and Economies

The alert emphasises that individuals who engage in the unauthorised disclosure of sensitive or classified information may face criminal prosecution, job loss and the revocation of security clearances. These outcomes are not hypothetical; Five Eyes agencies have identified and acted against individuals who participated in such activities.

For organisations—whether government departments, defence contractors, research institutes or commercial enterprises—the consequences of successful national or corporate espionage include operational disruption, loss of competitive advantage, regulatory and legal exposure, and long-term reputational damage. At the level of economies, sustained economic espionage erodes returns on research and development, distorts markets and can shift strategic balance towards states that benefit from stolen data and technology.

Practical Guidance for Professionals

The “Safeguarding Our Secrets” alert and related guidance, such as the National Protective Security Authority’s “Applicant Beware,” offer practical advice for individuals in high-risk categories. While specifics vary by jurisdiction, several themes are consistent.

Professionals are encouraged to treat unsolicited, high-reward offers for analytical or consulting work—especially those focused on China, the Indo-Pacific, defence or trade—with caution, particularly where the client’s identity is obscured. Early pressure to move discussions onto encrypted messaging applications, reluctance to identify the ultimate client, and rapid escalation from open-source tasks to requests for non-public information are all warning signs.

They are also advised to limit sensitive detail in CVs and online profiles, avoid discussing internal systems, processes or contacts during early-stage interviews, and use official channels to report suspicious approaches. For organisations carrying duty-of-care obligations, the same discipline extends to executive digital security and the structured vetting of senior hires and partners. Awareness of recruitment tradecraft is not a niche concern for intelligence specialists; it is a necessary professional competency for anyone operating at the junction of national and corporate systems.