Justice Department, FBI Disable 13 Websites Backed by Suspected Chinese Agents That Sought Sensitive U.S. Information from Security Clearance Holders - Department of Justice (.gov)

FBI Shuts Down 13 Chinese-Linked Sites Targeting US Security Clearance Holders

lairdnote

The Justice Department and FBI announced Thursday they have seized 13 websites operated by suspected Chinese intelligence agents who were targeting Americans with security clearances. The sites were designed to trick clearance holders into handing over sensitive information, including classified documents and personal data that could be used for blackmail or espionage.


The operation, which was coordinated with the FBI's Counterintelligence Division and the National Security Division, involved domains that impersonated legitimate services like email providers, cloud storage platforms, and VPNs. According to court documents, the sites were registered using fake identities and hosted on servers in multiple countries, making them difficult to trace. The FBI says the sites had been active for at least two years and had collected information from dozens of victims.

How the Scheme Worked

The attackers used a technique called 'credential harvesting' — essentially creating convincing fake login pages that looked identical to real services used by government contractors and military personnel. Once a target entered their username and password, the data was sent directly to the Chinese operators. In some cases, the sites also downloaded malware onto victims' computers, allowing the attackers to monitor keystrokes and capture screenshots.
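Impersonation like this is usually visible in the domain name itself, so one defensive check a security team can run over proxy or DNS logs is a lookalike-domain triage. The script below is an added example and not code from the post or from the FBI; the allowlisted service names, the homoglyph table and the sample domains are all constructed stand-ins for the real email, cloud-storage and VPN providers the seized sites copied. It folds common character substitutions (digits for letters, "rn" for "m"), then flags any host that either embeds an allowlisted brand name inside a foreign domain or sits within a small edit distance of one.

```python
import unicodedata
from dataclasses import dataclass
from typing import Optional, Sequence

# Constructed allowlist of the services an organisation actually uses.
# Hypothetical names standing in for the real providers the article mentions.
LEGITIMATE_DOMAINS = ("example-mail.com", "example-cloud.com", "example-vpn.com")

# Look-alike substitutions folded back to the letter they imitate.
# Multi-character entries come first so "rn" becomes "m" before "1" becomes "l".
# Folding is deliberately aggressive: this is triage, not a final verdict.
HOMOGLYPHS = (("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("3", "e"), ("5", "s"))


def normalize_label(label: str) -> str:
    """Lower-case, strip accents and fold look-alike characters."""
    decomposed = unicodedata.normalize("NFKD", label)
    plain = "".join(ch for ch in decomposed if not unicodedata.combining(ch)).lower()
    for glyph, letter in HOMOGLYPHS:
        plain = plain.replace(glyph, letter)
    return plain


def levenshtein(a: str, b: str) -> int:
    """Classic edit distance; inputs are short, so O(len(a)*len(b)) is fine."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def registrable_part(host: str) -> str:
    """Last two labels of the host name (assumption: no public-suffix list is consulted)."""
    labels = host.lower().strip(".").split(".")
    return ".".join(labels[-2:])


@dataclass
class Verdict:
    domain: str
    impersonates: Optional[str]  # allowlisted domain it resembles, if any
    reason: str


def assess(domain: str, allowlist: Sequence[str] = LEGITIMATE_DOMAINS,
           max_distance: int = 2) -> Verdict:
    host = domain.lower().strip(".")
    reg = registrable_part(host)
    if reg in allowlist:
        return Verdict(domain, None, "allowlisted")
    base = normalize_label(reg.split(".")[0])
    for legit in allowlist:
        brand = legit.split(".")[0]
        # Brand name appearing anywhere outside its own registrable domain,
        # e.g. "example-mail.com.account-verify.net". Short brand names would
        # need a stricter label-level match to avoid false positives.
        if brand in host:
            return Verdict(domain, legit, "brand name embedded in a foreign domain")
        dist = levenshtein(base, brand)
        if dist <= max_distance:
            return Verdict(domain, legit, f"lookalike (edit distance {dist} after folding)")
    return Verdict(domain, None, "no resemblance to allowlisted services")


def triage(domains: Sequence[str]) -> list:
    """Return only the hosts that resemble an allowlisted service."""
    return [v for v in (assess(d) for d in domains) if v.impersonates is not None]


if __name__ == "__main__":
    # Constructed sample hosts, as they might appear in DNS or proxy logs.
    SAMPLE_HOSTS = [
        "mail.example-mail.com",
        "examp1e-mail.com",
        "exarnple-cloud.com",
        "example-mail.com.account-verify.net",
        "unrelated-news.org",
    ]
    for verdict in triage(SAMPLE_HOSTS):
        print(f"{verdict.domain:40} -> {verdict.impersonates}: {verdict.reason}")
```

Running it on the constructed sample flags the three impersonating hosts and leaves the genuine subdomain and the unrelated site alone. In practice the allowlist would be the organisation's real providers, and hits would be fed to a blocklist or to the security officer rather than acted on automatically.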

The FBI identified the victims by analyzing server logs and IP addresses. Many were employees of defense contractors, intelligence agencies, and tech companies with access to sensitive programs. The information sought included details about upcoming weapons systems, cybersecurity vulnerabilities, and diplomatic communications.


Why This Matters

This isn't just another phishing campaign. The sophistication of the operation — using multiple domains, custom malware, and social engineering tailored to each victim — suggests a state-backed effort with significant resources. The FBI says the Chinese government has been increasingly aggressive in targeting U.S. personnel with clearances, especially those working on emerging technologies like AI and quantum computing.

Officials declined to say whether any classified information was actually stolen, but they confirmed the investigation is ongoing. The seized domains are now displaying a seizure notice from the FBI, warning visitors that the sites were part of a criminal conspiracy.

For security clearance holders, this is a stark reminder: even a single wrong click can compromise years of work and put national security at risk. The FBI recommends using multi-factor authentication, avoiding suspicious links, and reporting any unusual activity to your security officer immediately.