FDD uncovers likely Chinese intel operation targeting recently laid-off U.S. government employees

(Tumisu / Pixabay)

By Max Lesser • May 19, 2025

Chinese intelligence moved quickly to take advantage of the mass layoffs of federal workers that began right after the Trump administration took office. On Craigslist.org, a post advertising “Job Opportunities for Recently Laid-Off U.S. Government Employees” appeared on February 6 on the website’s Washington, DC, jobs board. The post links to the website of what is supposedly a consulting services company located in Singapore. Yet peering beneath the surface reveals that this company is part of a broader network of websites, LinkedIn pages, and job advertisements that appear to be a Chinese intelligence operation.

The tactics employed by this network closely resemble previous Chinese intelligence operations targeting U.S. government officials and other high-value targets across the United States, Europe, and beyond. Despite the network’s efforts to create the illusion that several separate firms outside of China are seeking to recruit laid-off federal employees, the network’s technical features point both to its Chinese origins and to the role of a single entity in creating all of its components.

The network consists of five companies that rely on the same dedicated, Chinese-owned server to host their websites, and all but one of the five used (or still use) the niche Chinese email provider chengmail[.]com. In addition, four of the five sites share a single SSL certificate, a digital identity card for a website that enables secure, encrypted communication with visitors. Yet only one of the five companies in the network, Smiao Intelligence, appears real. The others are little more than digital facades, a conclusion apparent from their use of cloned websites, fake customers, AI-generated text, and other signs of artificiality. Common internet infrastructure and other shared features between the website of Smiao Intelligence and the four seemingly inauthentic firms indicate that one or more individuals associated with Smiao likely created the network for intelligence purposes.