An official website of the United States government
A .mil website belongs to an official U.S. Department of Defense organization in the United States.
A lock (lock ) or https:// means you’ve safely connected to the .mil website. Share sensitive information only on official, secure websites.

 

News

News

Read the latest news.
View All News
News | Jan. 28, 2026

DCSA report reveals foreign adversaries increasingly use résumés, job solicitations to steal U.S. technology

WASHINGTON, D.C. – Foreign intelligence entities (FIEs) are systematically targeting the U.S. cleared industrial base by exploiting routine business activities like hiring and expert consultations, according to a new report released by the Defense Counterintelligence and Security Agency (DCSA) on Jan. 28, 2026.

The 2025 report, "Targeting U.S. Technologies: A Report of Threats to Cleared Industry," reveals a significant shift toward human-focused tactics over purely technical cyberattacks. The single most common method used by adversaries was the submission of résumés to cleared companies, accounting for 28% of all reported collection attempts. Email was the primary vector for these approaches, used in 32% of all incidents.

According to the analysis, entities from East Asia and the Pacific were responsible for 43% of reported incidents, making them the most active threat region.

"The threat has evolved. Adversaries are hiding in plain sight, using seemingly legitimate job applications, consultation requests, and business proposals to gain access to our nation's most sensitive technology," said a senior DCSA counterintelligence official. "This report is a critical alert for security leaders and cleared personnel: the front line is no longer just the firewall; it's the inbox and the HR department."

The report breaks down the most common methods FIEs use to target U.S. companies:

  • Résumé Submission (28%): Exploiting academic and professional hiring processes.

  • Exploitation of Experts (21%): Using paid consultations and soliciting subject matter experts.

  • Exploitation of Business Activities (16%): Leveraging partnerships and supplier relationships.

The most sought-after technologies include Aeronautic Systems, software, and other advanced services.

In response to these findings, DCSA is launching a new awareness campaign, "Your Work is Their Target. Be the First Line of Defense." The agency urges cleared industry partners to increase vigilance, scrutinize unsolicited contact, and empower employees to proactively file Suspicious Contact Reports (SCRs). DCSA emphasizes the need for Facility Security Officers (FSOs) and corporate leadership to update employee training to specifically address these human-targeting tactics.

For further information, contact Office of Communication and Congressional Affairs (OCCA): John Joyce at john.j.joyce2.civ@mail.mil

Related Posts

DCSA is addressing SF-312 digital submission issue in DISS; Provides guidance for industry users

The Defense Counterintelligence and Security Agency (DCSA) announced today that the issue causing mass rejections of digitally signed Standard Form 312 (SF-312)...

Jan. 20, 2026

DITMAC releases new insider threat podcast, “Beyond the Bulletin”

DCSA's DOD Insider Threat Management and Analysis Center (DITMAC) has released a new companion podcast to the monthly BTAC Bulletin newsletter, "Beyond the...

Nov. 19, 2025

NISP contractor fingerprint submissions resume

Defense Counterintelligence and Security Agency (DCSA) has resumed the submission of fingerprints under the 346W SON to the FBI. All fingerprints previously...

Nov. 13, 2025