IN Brief:
- Five Eyes agencies have warned of Chinese intelligence activity on job and professional networking platforms.
- The targeting includes people with classified, privileged, military, government, and national-security access.
- Defence manufacturers face growing pressure to combine cyber controls with workforce security and insider-risk monitoring.
Five Eyes security agencies have warned that Chinese intelligence services are using job sites, recruiter personas, and professional networking platforms to approach people with access to sensitive information.
The activity targets current and former government, military, defence, intelligence, foreign affairs, and security-cleared personnel, as well as people with indirect access to privileged information through suppliers, contractors, or technical roles. For defence manufacturers, the risk is immediate rather than abstract, because modern programmes rely on distributed industrial networks where valuable knowledge is spread across primes, SMEs, software providers, materials specialists, engineering consultancies, logistics companies, and test houses.
Sensitive information no longer sits only inside a government department or prime contractor vault. It moves through controlled technical data, CAD models, export-controlled documents, test reports, vulnerability information, manufacturing process files, supplier records, and programme schedules. A hostile recruiter does not need to extract a complete blueprint if partial access, professional conversation, and technical context can be assembled over time.
Manufacturing knowledge is especially valuable. Defence production depends on process detail as much as design authority. Knowing how a component is manufactured, where tolerances become difficult, which suppliers face bottlenecks, what materials are scarce, or which tests are repeatedly failed can expose the true state of a programme. In advanced defence sectors, production knowledge may be harder to acquire than finished hardware.
The warning also shows how cyber risk and human intelligence risk are converging. A professional networking message can become an intelligence approach, a phishing route, or a pathway into a supplier relationship. Security teams therefore need to treat recruitment platforms, contractor onboarding, remote work, and supplier collaboration as part of the same defensive perimeter.
The cyber dimension has already been visible in hostile infrastructure activity. China-linked botnets sharpen UK defence cyber risk examined the technical side of China-linked cyber activity, while the latest Five Eyes warning adds the human layer. Strong technical controls can still be weakened if trusted staff are targeted outside corporate systems.
Annual training alone will not be enough for defence manufacturers handling classified, controlled, or export-sensitive work. Companies need practical reporting routes, clear guidance on suspicious approaches, monitoring of unusual data access, and controls around offboarding former employees. The risk does not end when a person leaves a programme, because former staff may still hold valuable technical knowledge and can become more exposed to external approaches while seeking new work.
SMEs face a particularly heavy burden. Many smaller suppliers are essential to advanced manufacturing, yet they may lack mature security teams. They still hold sensitive drawings, process data, quality records, production know-how, and controlled programme information. Hostile recruiters are unlikely to distinguish between a prime and a small subcontractor if both provide access to the same industrial ecosystem.
The cultural challenge is delicate. Defence engineering relies on professional networks, conferences, recruitment activity, and specialist labour mobility. Excessive restriction can damage hiring and collaboration. Practical security awareness should help engineers recognise suspicious patterns, including vague overseas consultancy work, requests for non-public technical detail, unusually high payment for generic advice, pressure to move conversations off-platform, or interest in work areas that do not match a legitimate role.
As defence production expands across the UK, Europe, the US, and APAC, more hiring, subcontracting, technology transfer, and international collaboration will increase exposure. Industrial mobilisation creates more opportunities for adversaries to map suppliers, identify technical specialists, and approach individuals who may not see themselves as intelligence targets.
Workforce security has become part of production security. Protecting the defence industrial base means protecting machines, networks, drawings, software, materials, and people. The weakest point may be outside the factory gate, in a message that looks like a career opportunity.
