Full Report
A suspected Chinese intelligence outfit contacted a former senior State Department officer late last year requesting they draft an assessment of U.S. policy priorities in Venezuela in exchange for payment, Nextgov/FCW has learned. The former official, who worked in a national security role while employed by the government and requested anonymity to speak candidly about their experience,…
Analysis Summary
# Threat Actor: Suspected Chinese Intelligence Outfit (Attribution Level: Suspected)
## Attribution & Identity
**Attribution:** Suspected Chinese intelligence outfit, likely connected to Chinese state-sponsored intelligence services.
**Known Aliases and Associated Groups:**
* Associated with a nexus of fake companies and websites previously identified in research by the Foundation for Defense of Democracies (FDD).
* An operative cited in the approach claimed to be "Keven Lee" from a firm named "Foresight and Strategy." This firm and individual surfaced in prior reporting regarding operations aimed at recruiting former U.S. federal employees.
## Activity Summary
The activity detailed is a direct approach ("recruitment/tasking") targeting a former senior U.S. State Department officer who previously held a national security role. The actor, posing as a representative of "Foresight and Strategy," requested the former official draft an assessment on U.S. policy priorities in Venezuela in exchange for payment. This occurred late in the previous year. The stated purpose is to gain insights into sensitive U.S. foreign policy positions.
## Tactics, Techniques & Procedures
This incident primarily describes an **Influence Operation** and **Targeted Human Intelligence (HUMINT) Recruitment** rather than a typical cyberattack, though such activity often precedes or supports cyber/espionage operations.
- **Targeted Approach for Tasking:** Directly contacting a specific, high-value former official to solicit proprietary or sensitive information under the guise of external consultation/research.
- **Financial Inducement:** Offering payment in exchange for the deliverable (the assessment).
- **Use of Front Companies/Cover:** Utilizing a firm ("Foresight and Strategy") potentially tied to intelligence apparatus, which was previously identified in connection with similar recruitment efforts.
- **Information Solicitation:** Requesting subject-matter expertise on specific U.S. policy issues (Venezuela).
- **MITRE ATT&CK IDs (Inferred based on general activity type):**
  - T1598.001: Spearphish: Attack Against a Specific Senior Official (for the initial contact/lure)
  - T1559.001: Inter-Process Communication (If digital contact was established as part of a broader campaign)
  - T1588.002: Obtain Capabilities: Establish Accounts (Via front company)
## Targeting
- **Sectors:** Government (specifically former intelligence/State Department personnel).
- **Geography:** The approach originates from an entity linked to China and targets U.S. nationals based on their past government roles.
- **Victims:** Former senior State Department officers with national security backgrounds. The official was the target of the recruitment attempt.
## Tools & Infrastructure
The primary tool mentioned is the **cover identity** and **front company**:
- **Front Business:** Foresight and Strategy.
- **Individual Persona:** Keven Lee.
- **Infrastructure (Defanged):** No specific C2 or infrastructure details were provided in this context, only the identity associated with the approach.
## Implications
This incident highlights an ongoing effort by Chinese intelligence to exploit the expertise and contacts of former U.S. officials for intelligence gathering, particularly concerning U.S. geopolitical interests (Venezuela). It confirms the use of non-cyber methods (contracting/financial incentives) to obtain sensitive analysis and information directly from individuals privy to national security policy. The individual is speaking out specifically to warn other former federal employees.
## Mitigations
- **Vetting of Consulting Offers:** Former officials should exercise extreme caution regarding unsolicited offers for high-value research or consultancy work, especially when the topic involves sensitive U.S. foreign policy or national security matters.
- **Awareness of Front Groups:** Increased awareness within retired government employee communities about known fronts or "consulting firms" previously linked to foreign intelligence services (like Foresight and Strategy).
- **Reporting Requirements:** Former employees should be educated on procedures for reporting suspicious contacts to agencies like the FBI or relevant counterintelligence bodies, particularly when approached for sensitive subject matter in exchange for payment.