Posted inIntelligence ops National Security

Beijing’s Honeypot Strategy: How China Adopts Russian Espionage Tactics in the United States

October 24, 2025
Beijing’s Honeypot Strategy: How China Adopts Russian Espionage Tactics in the United States

China, in the process of expanding its HUMINT (human intelligence) assets, is increasingly adopting Russian forms and methods of espionage. Recently, there has been a noticeable trend toward the active use of female spies, employed through honeypot tactics. Although this strategy is traditionally associated with Russian intelligence operations, we are convinced that Beijing views it as a relatively easy means of infiltrating agents into U.S. territory and legalizing operatives of its illegal intelligence networks — a process facilitated by U.S. citizenship acquisition procedures.

The recent exposure of a Chinese female spy within the circle of a U.S. governor underscores the effectiveness of this model.

China’s intelligence and security apparatus — chiefly the Ministry of State Security (MSS) and associated state/intelligence-linked agencies — has for decades been engaged in economic and technological espionage as part of its great-power ambitions and industrial policy. For example, one historical overview notes China’s use of a five-step recruitment process (spotting → assessing → developing → recruiting → handling) targeting U.S. nationals and foreign assets.  

G39l5E XsAASpmR
Christine Fang, also known as Fang Fang, was a Chinese spy who formed relationships with up-and-coming US politicians between 2011 and 2015.

In today’s globalised, digital economy, U.S. dominance in advanced technologies (semiconductors, AI, defense-dual tech) is a strategic vulnerabilityChina has strong incentives to use human intelligence (HUMINT) and non-traditional methods to bypass cyber defences, gather intellectual property, access sensitive research, and exploit U.S. academic/industrial openness.

Use of female operatives: Why a “sex-seduction” or “honeypot” approach?

Recent reporting highlights that China (along with Russia, though our focus here is China) is employing “attractive women” posing as investors, business professionals, academics or romantic partners to gain access to U.S. tech talent, networks and research infrastructure. This method is sometimes called “honeytrap” or “sex warfare”. 

A deputy of New York Governor Hochul, Linda Sun, is accused of being a Chinese spy.

There are several features that make this modus operandi attractive from China’s perspective:

  • The U.S. tech ecosystem is open, highly networked (conferences, LinkedIn, start-ups) and thus susceptible to social engineering rather than just classical espionage.
  • Using a “female operative” presents a more plausible civilian persona (investor, academic, consultant) which can less obviously be flagged as an intelligence agent.
  • Emotional/relational access (i.e., befriending or seducing a target) may yield deeper access—correspondence, trust, introductions, inside information—than technical hacking alone.
  • The cultural and legal constraints in the U.S. around personal relationships (and the relatively lower awareness of such methods) may create an asymmetric advantage. 

Geopolitical/industrial drivers

  • China’s push under policies such as “Made in China 2025”, “dual-use technology acquisition”, and emphasis on semiconductor and AI self-sufficiency create imperative for tech collection.
  • The innovation ecosystem in the U.S. (start-ups, university labs, venture capital) is both rich in target material and vulnerable to this kind of human-based approach (for example via LinkedIn invitations or investor start-up competitions).  
  • Intelligence and state security motivation: China seeks to reduce its dependence on foreign technology, mirror U.S./Western capabilities, and gain strategic advantage (both economic and military).

Recruitment and Targeting

  • According to reporting, Chinese operatives deploy LinkedIn connection requests, conference invitations, networking overtures by “young attractive” Chinese women targeting U.S. tech professionals. As one counterintelligence expert noted: “I’m getting an enormous number of very sophisticated LinkedIn requests from the same type of attractive young Chinese woman
  • These operatives may pose as investors, startup founders, academics or business consultants—thus embedding themselves in the tech/entrepreneurial network and gaining access to targets of interest.  
  • At in-person events, e.g., a conference in Virginia, two attractive Chinese women with detailed knowledge of the event tried to gain entry—indicating the operations may have decent tradecraft behind them (reconnaissance, gathering of event details).  
  • The tactics go beyond mere professional networking: the term “sex warfare” is used by experts to describe operations wherein seduction, friendship, romance, and even marriage are used to embed a spy with the target.  
  • One source explained:

“Showing up, marrying a target, having kids with a target — and conducting a lifelong collection operation, it’s very uncomfortable to think about, but it’s so prevalent.” 

  • These relationships provide access to: personal networks, email/computer access (via trust), introductions to colleagues, conferences; potentially being introduced into secure research settings.

Technology / Investment Entry Points

  • In addition to personal relationships, the operatives use startup competitions, business pitch events, or investment vehicles organised by Chinese interests to lure U.S. innovators, often requiring sharing IP/business plans as entry condition, or inviting them to China or Chinese-linked events.  
  • The combination of “soft” espionage (investment contests, talent recruitment) plus “hard” seduction/honeypot mixes allows China to exploit multiple vulnerabilities in the U.S. ecosystem.

Hybrid Human-Cyber Espionage

This strategy constitutes a fusion of human and cyber intelligence: instead of only hacking servers, the adversary injects human operatives to exploit relational, emotional, social access.  

Once relational/trust access is gained, they can pivot to introduce malware, phishing, or access credentials embedded in business contexts.

While direct declassified cases of female Chinese operatives in the U.S. using honeypot tactics are limited in public domain (likely due to classification), the following pieces of evidence are relevant:

  • Reporting by major outlets (e.g., The Times / Economic Times / YNet) that Chinese (and Russian) women are being used to target U.S. tech professionals via sophisticated LinkedIn networking and attempted infiltration of conferences.  
  • Case of U.S. policy response: the U.S. Department of State introduced (in April 2025) a directive banning government personnel stationed in China from romantic/sexual relationships with Chinese citizens — acknowledging explicitly the risk of “honeypots” used by Chinese intelligence
  • While not female-operative specific, historical patterns (e.g., Chinese recruitment strategy described in “China’s 5 Steps for Recruiting Spies” piece) show Chinese intelligence has offered “women”, apartments, money as incentives in espionage operations.  

Caveats

  • Public scholarship on specific named female Chinese spies operating in the U.S. is sparse; many operations remain covert and un-publicised.
  • Media reports sometimes conflate Russian and Chinese operations; the focus here is on China but there is overlap.
  • Care must be taken to avoid unsupported allegations or race/ethnicity-based bias: the evidence is general and systemic, not necessarily individual known public cases of female Chinese spies.

Economic / Technological Risks

  • Theft of intellectual property (IP) and trade-secrets: As operations target U.S. tech professionals, the risk is high for leaking cutting-edge research in AI, semiconductors, defence-dual tech, biotech. This undermines U.S. technological lead and gives China cost-advantage in R&D.
  • Loss of competitive advantage: U.S. start-ups and researchers may find themselves exploited via investment/pitch events or relational access, eventually leading to relocation of IP or forced disclosure.  

National Security / Defence Risks

  • Access to defense-dual research: Many U.S. tech hubs have relationships with the U.S. Department of Defense (DoD) or defence prime contractors; infiltration of personnel or networks via relational espionage poses national security risk.
  • A compromised insider (even via “non-official cover”) may enable hacking, forwarding credentials, or creating vulnerabilities in supply-chains or mergers/acquisitions.

Human/Personnel Security Risks

  • The “honeypot” method poses serious personnel security vulnerabilities: employees may be manipulated emotionally/romantically to disclose secrets, grant access, or recruit others.
  • Open professional networks (LinkedIn, tech conferences) become a lurking ground for social engineering, especially among scientists, engineers, VCs, entrepreneurs.

Strategic/Geopolitical Risks

  • Undermining U.S. technological ecosystem resilience and setting back U.S. allies who rely on U.S. tech standards/leadership.
  • The diversion of U.S. resources into counter-intelligence and defensive posture may reduce focus on innovation and productivity.
  • Creates asymmetric advantage for China: while U.S. culture, law and norms constrain overt “honeypot” style operations, China may exploit them more freely

5. Policy / Counter-intelligence Implications & Responses

U.S. Government & Agency Actions

  • The State Department’s 2025 ban on government personnel in China engaging in romantic or sexualrelationships with Chinese citizens signals recognition of the honeypot threat.  
  • The intelligence community must broaden beyond traditional cyber-hacking threats to include relational/human intelligence threats within academia and the private sector.
  • Corporate and startup ecosystem must strengthen insider threat awareness: vetting of investor relationships, external professional connections, vetting of “too-good-to-be-true” LinkedIn contacts, monitoring for abnormal access.

Private Sector / Academic Sector Responses

  • Universities and tech companies must include personnel-security training about social engineering, deceptive recruitment, relational exploitation (especially via social networks and professional platforms).
  • Startup events/competitions with foreign investors should carry heightened risk assessment: require due diligence, limit sharing of proprietary IP outside secure environments, apply stricter gating of participation.
  • Industry-academia partnerships should consider threat models that include relational infiltration, not just digital intrusion.

International Cooperation

  • U.S., its allies and partners in tech (e.g., in Europe, Asia) should share threat-intelligence on relational espionage methods, especially cross-border startup/investment espionage.
  • Harmonised regulation on foreign investment into sensitive tech start-ups and closer oversight of foreign entry points.

Cultural and Legal Challenges

  • One challenge is that “honeypot” tactics exploit trust, personal relationships and migrate in the grey zone between criminal espionage and consensual relationships—making enforcement and detection difficult.
  • U.S. norms and privacy laws may limit intrusive personnel monitoring in private sector; balancing civil liberties and security will be a key policy issue.

Possible Future Scenarios

  1. Escalation: The number of female-operative “honeytrap” operations increases and expands beyond tech hubs into AI, biotech, aerospace sectors. This may lead to high-profile compromises of U.S. start-ups or university labs.
  2. Detection & Disruption: U.S. and allied agencies develop stronger relational-espionage detection systems (monitoring anomalous social connections, start-up investor networks) and are able to expose/neutralise several operations.
  3. Blow-back/Legal Push-back: High-profile cases of seduction-based espionage lead to public scandals, prompting legislative/regulatory reform of foreign investment into U.S. tech start-ups.
  4. Adaptation by China: As the U.S. increases awareness, China shifts to more subtle/off-shore modes (remote relational operations, influencers, diaspora networks) to maintain access.

The use of female operatives by China in espionage efforts within the United States represents a significant evolution of human-intelligence tradecraft tailored to the modern, open innovation ecosystem. As traditional cyber-toolkits become more defended, the relational/honeypot pathway offers China a potentially effective back-door to U.S. technological, commercial and national security assets. The U.S. response must therefore expand beyond firewalls and network intrusion defences to include human network integrity, social-engineering resilience and investment/academic ecosystem guardrails.

In effect, while the U.S. has long pursued technology dominance via open innovation, China is increasingly adapting to exploit that openness via people and relationships rather than only servers. Addressing this threat thus requires a shift in security mindset—one that recognises the vulnerability of trust and personal networks in a hyper-connected world.

bo11

More on this story: Moscow sets the stage for intelligence infiltration into OSCE PA

Tags: