The energy sector faces a category of threat that most commercial security programs are not designed to address: nation-state intelligence services using human assets to achieve access that technical means cannot.
In July 2025, Italian authorities arrested an individual working for a Shanghai technology company who was operating under direction from China's Ministry of State Security. The arrest was part of a broader pattern: dozens of Russian and Chinese intelligence assets identified and arrested across Europe and the United States in 2024 and 2025. The common thread in many of these cases was economic and industrial targeting — energy companies, defense contractors, critical infrastructure operators.
The FBI has issued specific warnings about increased Chinese and Russian targeting of the U.S. energy sector. The objectives are well-documented: theft of intellectual property including exploration data, bid information, and proprietary technology; recruitment of employees with access to operational technology systems; establishment of persistent access that can be activated for disruption at a strategic moment. These are not hypothetical threat scenarios. They are active, documented operations.
A Trustwave researcher stated plainly in 2025 that it would be naive to believe foreign intelligence operatives are not embedded in the U.S. energy sector. This is not hyperbole. It reflects an intelligence community assessment that has been consistent for years and is becoming more urgent as the sector's geopolitical importance increases.
The Attack Patterns Look Like Normal Business
The challenge for security and HR teams is that each of the activities listed below, in isolation, looks like normal business. The intelligence tradecraft is specifically designed to stay inside the threshold of what triggers a conventional security response. A compliance program, an annual background check, and a perimeter firewall are not built for this.
The patterns are recognizable once you know what to look for:
- LinkedIn approaches — People presenting as consultants, researchers, or business development contacts requesting meetings to discuss “partnership opportunities.”
- Conference targeting — Approaches at industry events where access to subject matter experts is easy and contact is expected, asking detailed questions about technology or operations.
- Documentation requests — Unusual requests for technical documentation framed as due diligence or academic research.
- Suspicious candidates — Job candidates with exceptional credentials and unusual interest in specific operational systems.
- Scope creep — Existing employees who begin asking questions outside their role or attempting to access systems beyond their function.
What Organizations Should Do
Develop an adversary-informed threat model that specifically accounts for human intelligence collection targeting your organization. Understanding which nation-state actors target your sector, what they value, and how they operate is the foundation of an effective countermeasure program.
Integrate HR, physical security, and cybersecurity functions around insider and human threat detection. Siloed departments with no common visibility and no shared intelligence picture cannot detect the patterns that span their separate domains.
Train personnel who are likely targets — not generic security awareness, but role-specific guidance about how intelligence recruitment actually works, what approaches to recognize, and how to report concerns without stigma.
Apply behavioral analytics to access patterns. Changes in access behavior, unusual data movement, and off-hours system activity are often the only technical signals of a human-enabled threat before the damage is done.
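As an illustration of the three signals named above (off-hours activity, access outside a user's usual systems, and unusual data movement), here is an added example, not taken from any cited report or product, that scores new access events against a per-user baseline. The log format, user and system names, working hours, and threshold are all assumptions made for the example.

```python
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

WORK_HOURS = range(7, 19)  # assumption: 07:00-18:59 on weekdays is normal
Z_LIMIT = 3.0              # assumption: flag transfers > 3 std devs above the user's mean

# Constructed sample events (not real data): timestamp,user,system,bytes_out
HISTORY = [
    "2025-03-03T09:12:00,jdoe,hr-portal,12000",
    "2025-03-04T10:40:00,jdoe,hr-portal,15000",
    "2025-03-05T14:05:00,jdoe,doc-share,9000",
    "2025-03-06T11:30:00,jdoe,doc-share,11000",
]
NEW_EVENTS = [
    "2025-03-10T10:00:00,jdoe,doc-share,13000",
    "2025-03-11T02:17:00,jdoe,scada-historian,4800000",
]

def parse(line):
    ts, user, system, nbytes = line.split(",")
    return datetime.fromisoformat(ts), user, system, int(nbytes)

def build_baseline(lines):  # per-user profile: systems seen, outbound byte history
    prof = defaultdict(lambda: {"systems": set(), "bytes": []})
    for ts, user, system, nbytes in map(parse, lines):
        prof[user]["systems"].add(system)
        prof[user]["bytes"].append(nbytes)
    return prof

def score(line, prof):
    """Return the signals one new event raises against the user's baseline."""
    ts, user, system, nbytes = parse(line)
    p, flags = prof.get(user), []
    if p is None:
        return ["no_baseline"]          # new or unprofiled account: review manually
    if ts.hour not in WORK_HOURS or ts.weekday() >= 5:
        flags.append("off_hours")
    if system not in p["systems"]:
        flags.append("new_system")      # access outside the user's usual function
    mu, sigma = mean(p["bytes"]), pstdev(p["bytes"])
    if nbytes > mu + Z_LIMIT * max(sigma, 1.0):  # floor sigma for flat histories
        flags.append("unusual_volume")
    return flags

if __name__ == "__main__":
    prof = build_baseline(HISTORY)
    for e in NEW_EVENTS:
        print(score(e, prof) or ["ok"], e)
```

A single flag is a weak signal; events that raise several at once are the ones worth routing to the combined HR and security review described above.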
FBI Energy Sector Advisory 2025 · Trustwave Energy Industry Report 2025 · ITIF Chinese Economic Espionage Report 2025