4 June 2026 Nation-State Threats

Five Eyes Warn: Chinese Intelligence Is Using LinkedIn and Upwork to Recruit Australian Insiders

On 3 June 2026, the intelligence agencies of all five Five Eyes nations — Australia's ASIO, the FBI, MI5, Canada's CSIS, and New Zealand's NZSIS — jointly released a bulletin titled Safeguarding Our Secrets, warning that Chinese military intelligence services are posing as job recruiters on LinkedIn, Indeed and Upwork to cultivate Australians with access to sensitive government, defence, and research information. ASIO confirmed that Australian nationals are among those being actively targeted.

Disclosure: This post contains affiliate links. We only recommend tools we've researched and trust. If you purchase through our links, we may earn a commission at no extra cost to you.

The Advisory at a Glance

The Safeguarding Our Secrets bulletin, published simultaneously by all five Five Eyes agencies on 3 June 2026, represents a notable departure from the technical vulnerability advisories that typically occupy ACSC's alert feed. Where most joint advisories deal with software flaws and network intrusion, this one names a fundamentally human threat: Chinese military intelligence operatives and their affiliated actors posing as legitimate employers to draw out information that would be difficult to obtain through hacking alone.

The advisory names three platforms by name — LinkedIn, Indeed, and Upwork — as the primary channels for making contact. The choice is not accidental. These platforms are widely used by Australian professionals, researchers, and contractors who hold, or have recently held, access to sensitive government, defence, or critical infrastructure information. Their design encourages detailed public disclosure of career history, skills, and professional connections — precisely the data points foreign intelligence services use to identify and rank potential targets.

The agencies describe the operation as systematic and ongoing, not a one-off campaign. Chinese military intelligence is not casting a wide net hoping for a response; the bulletin makes clear that recruiter profiles are constructed carefully, contact is initiated selectively, and the relationship is cultivated over time before any request for sensitive information is made.

The advisory also clarifies scope. The risk group is broader than security-cleared government workers. It explicitly includes academics, researchers, journalists, freelance writers, think tank employees, and consultants who have indirect or peripheral access to sensitive information. For Australian readers, that framing is significant: you do not need to hold a formal security clearance to become a person of interest to Chinese intelligence services.

ASIO confirmed that Australian nationals are among those being actively targeted. The June 2026 bulletin gives that warning operational specificity — naming the recruitment method, the platforms used, and the payment mechanisms employed to compensate targets for what the agencies characterise as a systematic intelligence collection effort.

Why Australian Professionals Are in the Crosshairs

Australia occupies an unusual strategic position. As a member of the Five Eyes intelligence alliance, it contributes to — and benefits from — some of the world's most sensitive intelligence-sharing arrangements. It maintains a significant military presence in the Indo-Pacific, hosts US defence assets, and sits at the centre of regional security dynamics that China views as critical to its own strategic interests. That position makes Australia a high-value intelligence target.

The Safeguarding Our Secrets advisory identifies several categories of Australian professionals who are particularly at risk:

Security clearance holders working in defence, foreign affairs, cybersecurity, and intelligence
Current and former military personnel, particularly those with experience in the Indo-Pacific region
Defence contractors and supply-chain participants in the defence industry
Policy advisers, foreign affairs analysts, and government economists
Academics and researchers working on advanced technology, artificial intelligence, quantum computing, and national security
Journalists and think tank analysts covering defence, China relations, or Indo-Pacific policy
Freelance writers and consultants with peripheral exposure to government work

The last three categories deserve particular attention because they sit outside the traditional security-awareness training pipeline. A defence contractor working inside a secure facility receives regular security briefings. An academic who consulted for a government committee two years ago and now freelances may not. Yet their knowledge of how certain policies were formed, what questions were being asked, or who the key decision-makers are can be genuinely valuable to a foreign intelligence service — and they are far less likely to recognise an approach for what it is.

ASIO's inclusion of "peripheral access" in the risk definition reflects a broader understanding of how intelligence services operate. Secrets are frequently assembled from fragments provided by multiple individuals, none of whom believes they disclosed anything significant. A recruitment operation targeting a dozen semi-informed freelancers may yield more actionable intelligence than a single attempt to recruit a senior clearance holder who is alert to the risk. That is precisely why the advisory targets awareness at the broader professional population, not just government employees.

How the Recruitment Operation Works

The Safeguarding Our Secrets advisory and supporting reporting from The Record describe a multi-stage recruitment process designed to feel entirely normal at every step — until the point where it is not.

Stage one: Identification and targeting

Using publicly available information — LinkedIn profiles, conference speaker bios, academic papers, government committee listings, and press bylines — operatives build candidate lists ranked by the likely value of the information each person might possess. The agencies note that recent access to classified or policy-level information makes the highest-priority targets, but historical access also has value: a researcher who completed a government contract three years ago still carries knowledge of processes, personnel, and institutional structures that a foreign intelligence service would find useful.

Stage two: The fake job offer

Contact typically begins with a connection request, a direct message, or a formal job advertisement posted on LinkedIn, Indeed, or Upwork. The recruiter poses as an employee of a private consultancy, think tank, or human resources firm. The role advertised is invariably plausible — foreign policy analyst, defence research consultant, Indo-Pacific trade advisor — and the initial communication is professional in tone, with no immediate red flags.

Targets may be invited to submit a CV or prepare a trial report on a general topic such as regional security dynamics, bilateral trade policy, or emerging technology governance. These early tasks are designed to appear innocuous. They also serve a dual purpose: they let the recruiter assess how much genuine access and knowledge the target holds, and they begin building a sense of working relationship and financial expectation before anything compromising is requested.

Stage three: Escalation and payment

Once the relationship is established, communications move off the recruitment platform and onto encrypted messaging applications — reducing visibility and creating fewer records. Reports become more specific, payment becomes more regular (often via PayPal, Payoneer, Western Union, or cryptocurrency), and requests for information begin to escalate in sensitivity.

At this stage, many targets may not fully recognise what has occurred. They have completed tasks, received payment for what felt like legitimate consulting work, and moved incrementally toward a position where declining a more sensitive request feels awkward or financially costly. The agencies describe this as "cultivation" — a deliberate, graduated process that rarely involves an explicit request to "commit espionage," and which is designed to make that phrase feel like an overreaction to what seems, in the moment, like ordinary contract work.

Recognising the Warning Signs — and What to Do

The advisory provides clear guidance on what to do if you receive an unsolicited recruitment approach that fits the pattern described above. The following steps are drawn from the agencies' joint bulletin, with additional context for Australian readers.

Treat unexpected approaches with scepticism, regardless of platform. Legitimate employers and consultancies do not typically cold-approach individuals via encrypted messaging apps, request unpaid or lightly paid trial reports before a formal contract, or offer payments through informal financial channels like cryptocurrency or Western Union. If an approach moves quickly to "can you write us a brief report on X?" without a signed agreement and a verified entity behind it, treat that as a warning sign rather than an opportunity.

Verify the recruiter and the organisation independently. Search for the company's registered name, check whether it has an established web presence with a verifiable trading history, and look up the recruiter's employment history independently rather than relying on what their profile states. Chinese intelligence-affiliated front companies tend to be shallow: limited posting history, generic descriptions of services, stock-photo team members, and no verifiable client references. A genuine consultancy will welcome verification.

Do not move communications off a recruitment platform prematurely. If a recruiter insists on shifting to WhatsApp, Signal, or Telegram before a formal engagement is in place, treat that as a significant red flag. Legitimate employers operate within normal professional channels because they have no reason to avoid platform-level visibility. An insistence on encrypted private channels before any contract exists is a deliberate tactic, not a preference for convenience.

Be cautious about what your public profile reveals. LinkedIn and similar platforms are designed to maximise professional visibility — but that visibility works for intelligence services as well as employers. Review what your profile discloses about past roles, security-adjacent work, government engagements, or access to sensitive programmes. A profile that supports legitimate career networking does not need to include details that allow a foreign intelligence service to rank your access level before they contact you.

Report suspicious approaches to ASIO. If you believe you have been approached as part of a foreign intelligence recruitment operation, ASIO operates a reporting line and online form at asio.gov.au. The agencies are explicit that people who have been approached but have not disclosed anything sensitive are not in legal jeopardy for coming forward. ASIO uses such reports to map active operations and can act to protect others who may be targeted next.

Protecting Your Digital Footprint as a Professional

The recruitment operation described in Safeguarding Our Secrets sits at the intersection of two trends Australian security agencies have been tracking separately: the increasing use of human intelligence techniques by state-sponsored actors, and the growing professionalisation of foreign interference operations targeting individual Australians rather than government systems. For professionals operating at the edge of sensitive sectors, several practical measures are worth considering beyond the immediate warning signs described above.

Audit your public digital footprint. Search your own name and review what appears across LinkedIn, academic databases, conference programme archives, media bylines, and public committee listings. These sources individually seem harmless but collectively can paint a detailed picture of your access level and knowledge domains. The advisory notes explicitly that recruiters rank candidates based on publicly available information — which means reducing that information also reduces your profile as a target.

Compartmentalise your professional and personal online presence. A professional LinkedIn account does not need to link to personal accounts on other platforms, and a detailed career history does not need to include specifics that go beyond what a legitimate employer would require. Consider which parts of your professional history are necessary to advertise publicly and which serve no career purpose but do serve a foreign intelligence purpose.

Be alert to social engineering across all channels, not just job platforms. The techniques described in the advisory — building trust gradually, using plausible professional framing, normalising small requests before escalating — are standard social engineering tactics that can appear in email, at professional networking events, at academic conferences, and in industry seminars. Foreign intelligence services attend the same venues that Australian professionals in sensitive roles attend. The recruitment does not always begin on LinkedIn.

Understand the broader pattern. This advisory follows a series of Five Eyes and ACSC warnings about Chinese state-sponsored activity targeting Australian networks and individuals. Earlier warnings covered technical intrusion into critical infrastructure; the June 2026 bulletin addresses the human side of the same collection effort. Both vectors — technical access to systems and human access to information — serve the same strategic objective. Australian professionals operating in defence, technology, policy, and research face both risks simultaneously, and the defences for each require different awareness.

The Safeguarding Our Secrets bulletin is, at its core, a reminder that digital security extends beyond passwords, patches, and firewalls. Protecting sensitive information in 2026 increasingly requires awareness of who is asking, why they are asking, through what channel they are asking, and what chain of events a small, seemingly harmless disclosure might set in motion. If the approach feels unusual — even slightly — that instinct is worth acting on.