China's Ghost Recruiters: Fake 'Defense Analyst' Jobs on LinkedIn Are a Front for 'paid' Espionage

Chinese intelligence officers pose as online HR recruiters or consultants who represent fake, but often legitimate-looking, “cover companies” and claim to be located in countries other than China. Five Eyes agencies have identified individuals who have undertaken these activities, leading to criminal prosecutions, job losses, and security-clearance revocation.
It usually begins with an email that feels almost too good to be true.
You are a 26-year-old master's student in International Relations at Jawaharlal Nehru University, or a freelance defence journalist in Pune who has written a few sharp pieces on the Galwan aftermath and the Navy's new submarine acquisitions. One afternoon, a message lands in your LinkedIn inbox or on Naukri.com from someone claiming to represent a "Singapore-based geopolitical consultancy" or a "London think tank with interests in the Indo-Pacific."
"We came across your analysis on the recent border infrastructure push. We're commissioning a series of background papers on Indian defence procurement and regional force posture. Flexible deadlines. ₹65,000 to 80,000 per 2,500-word piece. Interested?"
You say yes. The first assignment arrives: a seemingly open-source piece on China-India trade dynamics and dual-use technology flows. The payment, when it comes, is prompt, often routed through an Indian bank account belonging to a name you do not recognise. Then comes the second request. This one wants "any non-public insights" you might have from your university network or previous reporting on troop movements in Ladakh or the status of BrahMos exports. The language is careful, the money is good, and the client remains conveniently opaque.
What feels like a lifeline for a cash-strapped student or gigging journalist is, according to two separate government warnings issued within months of each other on opposite sides of the world, the opening move in a sophisticated, industrial-scale human intelligence operation run by China's military intelligence services.
America's warning
On 3 June 2026, the FBI's Internet Crime Complaint Center (IC3), working with the Five Eyes alliance, published a detailed cybersecurity advisory titled "Safeguarding Our Secrets." The document is unusually direct: China's military intelligence services are using Western professional networking and gig-work platforms, including LinkedIn, Indeed and Upwork, to systematically identify and cultivate individuals with access to sensitive or classified information.
The targets are not limited to cleared government employees. The advisory explicitly names academics, journalists, freelance writers and think-tank researchers, precisely the profile of many young Indians writing on strategic affairs today.
How the recruitment works
The method is deceptively simple:
- Recruiters post job advertisements for "foreign policy analysts," "defence consultants," or "Indo-Pacific research contributors."
- Resumes are screened for indicators of access.
- Successful candidates receive "trial" writing assignments on topics such as China's bilateral relations, regional force deployments, weapon systems, or joint military exercises.
- Payments range from a few hundred to several thousand dollars per piece, often disbursed through third-party platforms or cryptocurrency.
- Conversations eventually move to encrypted apps.
- The ask escalates from open-source analysis to "non-public insights."
The advisory notes that even people with no direct access to classified material can still contribute to a damaging cumulative picture when hundreds of such reports are aggregated. Recruits may be paid through PayPal, Payoneer, Zelle, Skrill, Wise, Western Union, e-transfer or cryptocurrency, and are often compensated by an account belonging to someone they never met during the recruitment process.
India confirms the same playbook
What makes the Indian warning especially significant is how closely it mirrors the American one, and how explicitly it flags India-specific vectors.
On 22 January 2026, the University Grants Commission sent a circular (D.O. No. 2-53/2025(CPP-II)) to every Vice-Chancellor and college Principal in the country. The subject was stark: "Sensitization of personnel regarding sharing of sensitive information."
The circular states that the Ministry of Education has been alerted to "some vested foreign entities" actively collecting sensitive information on India's national security, defence establishment, critical infrastructure and government functioning. It then lists tactics that read like a direct translation of the FBI playbook, with local detail added:
- It names Naukri.com alongside LinkedIn.
- It warns that payments are frequently routed through Indian bank accounts, including student accounts, and that amounts linked to cyber frauds have been observed.
- It highlights the collection of Aadhaar and PAN cards from applicants who mention defence backgrounds.
- It notes that the entities "hide their true identity and usually describe themselves as representatives of consulting firms operating in some other countries."
The circular ends with a direct instruction: all higher education institutions must "ensure wide dissemination of this information among students and faculty members" so they can "exercise caution against the modus operandi being adopted by such entities."
In plain language, the Government of India has told every university in the country that Chinese intelligence is actively recruiting on Indian campuses and job portals, and that Indian students' bank accounts are being used as payment rails.
The era of paid surveillance
The "Ghost Writers of Beijing" operation represents a quiet but significant escalation in hybrid warfare. It turns the economic precarity and platform-driven nature of modern freelance and academic life into an intelligence-collection asset. By making the act of writing itself a vector for espionage, China's military intelligence services have developed a low-cost, high-volume method of mapping the information terrain of potential adversaries, including India.
In the information age, the most dangerous espionage operations may not involve stolen hard drives, sophisticated hacking or data breaches. They may simply involve a polite email, a well-written brief, and a big pay-cheque that looks, at first glance, like salvation. This is the era of paid surveillance.
Sources
- FBI Internet Crime Complaint Center (IC3) advisory, "Safeguarding Our Secrets" (3 June 2026)
- University Grants Commission circular D.O. No. 2-53/2025(CPP-II) (22 January 2026)
For investigators: see our step-by-step website & domain investigation case study built on this operation.