The Growing Insider Threat: How U.S. Military and Intelligence Personnel Are Being Recruited as Spies


The numbers are staggering: the FBI opens a new China-related counterintelligence case every 10 hours, and 2025 has already seen more military espionage arrests than many entire years in recent history. What's driving this surge in insider threats, and why are our own personnel betraying national security for surprisingly modest sums?

The arrest of Chinese national Xu Zewei in Italy for alleged COVID vaccine espionage represents just the tip of an iceberg that extends deep into America's military and intelligence communities. While foreign nationals conducting espionage grab headlines, an equally troubling trend has emerged: a dramatic increase in U.S. military and intelligence personnel being caught selling secrets to foreign adversaries, particularly China.


A Banner Year for Espionage Arrests

2025 has proven to be what counterintelligence experts might call a "target-rich environment" for prosecutions. The year began with the sentencing of Army intelligence analyst Korbin Schultz to seven years in prison for selling military secrets to China for just $42,000. But Schultz's case was only the beginning.

In March 2025, federal authorities arrested three soldiers in a sweeping operation: active-duty Army soldiers Jian Zhao and Li Tian, along with former soldier Ruoyu Duan, all accused of gathering and selling sensitive military information to Chinese contacts. The amounts involved tell a disturbing story about how cheaply national security can be compromised—Zhao received a mere $15,000 over five months for potentially devastating intelligence.

The same month brought the arrest of Michael Charles Schena, a 42-year-old State Department employee with top-secret clearance. Court documents reveal that Schena received $10,000 and an iPhone 14 from a contact named "Jason"—payment recorded in his iCloud as equaling "79,841 CNY" (Chinese yuan). The case highlights how foreign intelligence services are systematically targeting U.S. government employees through online platforms and offering modest but steady compensation for classified information.


The Navy Under Siege

The U.S. Navy has proven particularly vulnerable to foreign recruitment efforts. In August 2023, two separate cases rocked the service when sailors Jinchao Wei and Wenheng Zhao were arrested for providing sensitive military information to China.

Wei, just 22 years old and serving aboard the USS Essex, was approached by a Chinese intelligence officer while applying for U.S. citizenship. Despite knowing the arrangement could jeopardize his naturalization, Wei provided photographs, videos, and over 50 technical manuals detailing Navy ships and their systems.

Zhao's case was equally troubling. Working as a construction electrician at Naval Base Ventura County, he photographed classified screens, transmitted blueprints of radar systems, and shared operational plans for military exercises in the Indo-Pacific. His total compensation: $14,866 over nearly two years—less than many Americans spend on a used car.

In June 2025, the threat came full circle when two Chinese nationals, Yuance Chen and Liren Lai, were arrested for acting as agents of China's Ministry of State Security. Their mission: recruit U.S. Navy personnel and collect intelligence on naval facilities. Chen had already made contact with Navy personnel and even toured the USS Abraham Lincoln as part of his intelligence-gathering operation.


Historical Context: Not Just a Modern Problem

While the current surge is unprecedented in its scope and frequency, espionage within U.S. military and intelligence ranks is not new. The most devastating cases in American history involved career intelligence officers who sold secrets for significant sums and ideological reasons.

Robert Hanssen, an FBI counterintelligence specialist, spied for the Soviet Union and Russia from 1979 to 2001, selling approximately 6,000 classified documents for over $1.4 million. His betrayal has been described as "possibly the worst intelligence disaster in U.S. history."

Similarly, CIA officer Aldrich Ames sold secrets to Soviet and Russian intelligence services throughout the 1980s and 1990s, directly causing the execution of at least 10 Russians who had been secretly working for the United States.

The modern era has also seen high-profile cases like Bradley Manning (later Chelsea Manning), who leaked 750,000 classified documents to WikiLeaks, and Edward Snowden, whose NSA revelations exposed extensive U.S. surveillance programs.


What Makes Today's Threat Different

Several factors distinguish the current wave of espionage cases from historical precedents:

Scale and Frequency: The FBI currently maintains about 1,000 active investigations involving China's attempted theft of U.S.-based technology across all 56 field offices. With a new China-related counterintelligence case opening every 10 hours, the scope dwarfs previous eras.

Modest Financial Incentives: Unlike Cold War-era spies who often received substantial sums, today's cases involve surprisingly small amounts. This suggests that foreign intelligence services have identified a vulnerability in relatively low-paid military and government personnel who may be struggling financially.

Social Media Recruitment: A May 2025 study found that Chinese intelligence operations are systematically targeting laid-off U.S. government employees through fake job websites and social media platforms like LinkedIn. This represents a fundamental shift from traditional recruitment methods.

Targeting Strategy: Rather than trying to insert foreign operatives, Chinese intelligence services are focusing on recruiting individuals who already have access to desired information. As one expert noted, they target people with "suitability" and "access" who are already working at target organizations.

The China Factor

While various nations engage in espionage, China dominates current threat assessments. According to FBI statistics, roughly 80 percent of economic espionage prosecutions allege conduct that would benefit China, with at least some nexus to China in around 60 percent of all trade secret theft cases.

This focus reflects China's systematic approach to intelligence gathering, which combines traditional espionage with cyber operations, academic infiltration, and economic pressure. The strategy appears designed to support China's long-term goal of technological and military parity with the United States.


Why Personnel Are Vulnerable

The recent cases reveal several factors that make military and intelligence personnel vulnerable to foreign recruitment:

Financial Pressure: Many of the individuals arrested were relatively junior personnel earning modest salaries. The amounts they received—often between $10,000 and $50,000—represent significant sums for someone struggling with debt or financial obligations.

Access Exceeding Pay Grade: Junior personnel with security clearances often have access to highly classified information while earning relatively low wages, creating a dangerous imbalance between responsibility and compensation.

Online Exposure: Social media platforms provide foreign intelligence services with unprecedented access to potential recruits. They can identify financial pressures, personal grievances, and other vulnerabilities through public posts and professional profiles.

Gradual Compromise: Many cases show a pattern of gradual escalation, where individuals begin by sharing seemingly innocuous information before being drawn deeper into espionage relationships.


Implications for National Security

The insider threat represents a fundamental challenge to national security. Unlike external cyber attacks or traditional espionage operations, insider threats are difficult to detect and prevent because they involve individuals who already have legitimate access to sensitive information.

The modest sums involved in recent cases are particularly troubling because they suggest these operations may be more widespread than major investigations reveal. If personnel can be compromised for relatively small amounts, the potential scale of undetected espionage could be enormous.

Additionally, the information being stolen—from military technical manuals to diplomatic communications—provides foreign adversaries with insights that could take years or decades to obtain through other means.


Looking Forward: The Counterintelligence Challenge

The surge in insider threat cases highlights the need for enhanced counterintelligence measures, including:

  • Enhanced Screening: More thorough background investigations and ongoing monitoring of personnel with access to classified information
  • Financial Monitoring: Better systems for detecting unusual financial activity among cleared personnel
  • Education and Awareness: Improved training on foreign recruitment tactics and the use of social media by intelligence services
  • Support Systems: Programs to help personnel dealing with financial or personal difficulties before they become vulnerable to foreign recruitment

Conclusion: A Clear and Present Danger

The wave of military and intelligence personnel arrests in 2024-2025 represents more than isolated incidents—it reveals a systematic campaign by foreign adversaries to penetrate American national security from within. The relatively modest sums involved make this threat particularly insidious, as it suggests that financial pressure alone can turn trusted personnel into foreign agents.

As the FBI opens new China-related counterintelligence cases every 10 hours, the scope of this challenge becomes clear. The arrest of individuals like Xu Zewei abroad demonstrates international cooperation in combating espionage, but the real battle is being fought much closer to home—in military bases, intelligence facilities, and government offices across the United States.

The insider threat is not just a counterintelligence problem; it's a reflection of broader vulnerabilities in how America protects its most sensitive information in an interconnected world. Addressing it will require not just better security measures, but a fundamental rethinking of how we support and monitor the people we entrust with our nation's secrets.

The stakes could not be higher. Each successful recruitment represents not just a betrayal of trust, but a potential advantage handed to adversaries who seek to undermine American security and global leadership. The time for complacency has long passed—the threat is here, it's growing, and it demands immediate, sustained attention from policymakers, security professionals, and the American public alike.

By Breached Company