What did the FBI seize?

The FBI seized 13 internet domains that U.S. officials say posed as consulting firms and were used to approach people with current or former security clearances.

Why did the sites matter?

U.S. officials allege the sites used consulting jobs to build relationships with people who may have had access to sensitive or non-public government information.

How did China respond?

The Chinese embassy in Washington denied the allegations. AP reported that an embassy spokesperson called the accusations fabricated and malicious slander.

FBI seizes fake consulting sites tied to China allegations

SharpPost Analysis | Updated June 12, 2026

The pages advertised consulting work for analysts and international affairs specialists. The U.S. Justice Department says the companies were fake, and the FBI has seized 13 related domains.

The sites listed company names, staff-style headshots, job descriptions and contact details. The advertised work involved reports on foreign policy, security and the Indo-Pacific. According to the Justice Department, the real targets were current and former U.S. security-clearance holders, as well as people who may have had access to classified or sensitive government information.

Illustration of a job website, email and security lock — Illustration: U.S. officials say fake consulting sites were used to approach people who may have held sensitive information. This is not a screenshot of one of the seized sites.

U.S. officials allege the operators were linked to Chinese intelligence. The Chinese embassy in Washington denied the allegations. The Associated Press reported that an embassy spokesperson called the accusations "fabricated" and "malicious slander."

How the approach began

The sites had appeared by around November 2023, according to Justice Department materials. Operators allegedly used false or stolen identities and AI-generated photos to make the companies look real, then reached out through social media, job boards and freelance platforms.

The first assignment could look like ordinary consulting work. A candidate might be asked to produce a report based on open sources. Later, the questions could become narrower and closer to internal judgment, including requests for information that was not publicly available.

The 13 domains listed by the Justice Department are: centrikglobalconsulting.com, rightinfoconsult.com, finnaclevesperconsulting.com, cydfconsulting.com, pulsewaveglobal.com, catalystglobalsolutions.com, thehorizzen.com, geoindopacific.com, gpf-ina.org, safesec-group.com, thetruthinfo.com, vandercons.com and gulfpeace.org.

The value of a clearance

A security clearance on a resume tells a recruiter that the person once had access to certain systems, meetings or projects. The recruiter does not need to know the exact classified material to infer what the person may have been near.

A former official may understand procurement channels. A contractor may know the pace of a project. A think-tank analyst may have heard policy arguments before they became public. Each detail may fall short of a secret; taken together, the details can still be useful.

Job platforms enter the picture

LinkedIn, Indeed and Upwork were also named in a warning issued days earlier by the Five Eyes intelligence alliance. The U.S., Britain, Canada, Australia and New Zealand said Chinese military intelligence officers were using professional networking and freelance platforms to contact people who might hold sensitive information.

Some people who were approached later contacted the FBI. AP reported that they found the offers suspicious: payment methods seemed unusual, including cryptocurrency or less common online payment systems, and the same company names appeared repeatedly in job listings on platforms such as LinkedIn.

Illustration of the path from job posting to non-public information request — Illustration: U.S. materials describe a path that can begin with a job post and later move toward more specific information requests.

Not a hacking case

The materials released by the Justice Department do not describe a database breach or a computer intrusion. The contact began with job messages and consulting work. The "non-public" information sought was not necessarily classified; it could include internal judgment, process knowledge, personal networks or policy direction that would not be available from open sources.

After the seizures

Washington and Beijing have traded espionage allegations for years. A domain seizure is not a conviction. In practical terms, it prevents those addresses from being used and warns potential targets that a project that looks like foreign consulting work may not be only business.

High pay for vague work, pressure to move to encrypted apps, requests for "internal" reports, and cryptocurrency or unusual payment methods are all warning signs. The 13 domains are now offline, but U.S. law enforcement officials are treating resumes, job messages and consulting contracts as part of a wider counterintelligence front.

Source note: This article draws on U.S. Justice Department and FBI action details, AP reporting on the domain seizures, Times of India reporting on the domain list, and the recent Five Eyes warning on recruitment through job and freelance platforms. The Chinese embassy in Washington denied the allegations. The domain seizures are a law enforcement action; the article uses terms such as "allege" and "according to" where appropriate.