Federal authorities have taken down 13 internet domains allegedly connected to a Chinese intelligence-gathering operation targeting U.S. government personnel. The FBI seized the domains as part of an investigation into efforts to compromise current and former government employees and military personnel who hold security clearances and access to classified information.

The domain seizures represent the latest action by U.S. law enforcement against suspected foreign intelligence operations on American soil. While Chinese state-sponsored cyber espionage campaigns have targeted U.S. government networks for years, this operation appears to have focused specifically on individuals rather than organizational infrastructure. The FBI has not released information about the specific agencies or military branches whose personnel were targeted.

Technical details about the operation remain limited. Authorities have not disclosed whether the domains were used for phishing campaigns, watering hole attacks, or other social engineering techniques commonly employed in intelligence operations. The domains' registration information, hosting providers, and operational timeline have not been made public. It is unclear whether any classified information was successfully exfiltrated through these channels.

The seizure affects an unknown number of potential victims among the U.S. government workforce. Personnel with active security clearances across defense, intelligence, and civilian agencies may have been exposed to the operation. The scope of any successful compromises has not been revealed, and authorities have not indicated whether any arrests have been made in connection with the campaign.

Current and former government employees with security clearances should remain vigilant for suspicious communications and report any unusual contact attempts to their security officers. Organizations should review access logs and authentication records for anomalies. Federal personnel should verify the legitimacy of any websites requesting credentials or sensitive information, particularly those claiming affiliation with government agencies or military organizations.

Source: https://www.helpnetsecurity.com/2026/06/11/fake-consulting-websites-target-us-security-clearance-holders-china/