Guest Post: Consulting in the Name
Welcome to Memetic Warfare. Check out a guest post below from friend and colleague Max Lesser on what else but suspicious consulting companies.
Check out Max’s work below, and as always - guest posts are the sole opinion of the guest author.
All statements made here are made with the public interest and are the result of good-faith investigation. This post draws on publicly accessible technical data, domain records, platform metadata, and other open-source data. While the analysis identifies correlations and patterns, certain claims remain unverified and have not been formally established in legal proceedings. The findings should be understood as an evidence-based assessment of observable data, not a determination of wrongdoing.
Suspicious Consulting Firms Targeting Foreign Policy and Defense Professionals
My name is Max Lesser and I work with Ari at Foundation for Defense of Democracies. I collaborated with my intern Thomas Crehan on this analysis.
On June 30, 2026, Bill Hayton, a China specialist, posted on X, asking “Has anyone else heard of the ‘Institute of East Asia Strategic Studies’ apparently based in Singapore since 2019? They seem to be approaching Western security analysts. Is it just another front organization for China’s Ministry of State Security?” Hayton also shared a related domain: ieass[.]com.
Figure: X post from Bill Hayton on June 30, 2026, mentioning the “Institute of East Asia Strategic Studies, which claims to be based in Singapore, reaching out to Western security analysts
Ieass[.]com presents itself as a website for a Singaporean geopolitical advisory firm. Domain infrastructure analysis of ieass[.]com reveals that it is very likely connected to two other similar websites presenting themselves as geopolitical advisory firms: easi-policy[.]com and sgas-strategy[.]com. As of July 9, 2026, none of these websites disclose connections to each other, such as mentioning a relationship on their respective webpages. A fourth domain also shares several – but not all – common technical features with these three domains, and it also presents itself as a geopolitical advisory firm: northriver-asia[.]org.
Figure: IEASS Home Page, including a “hiring” banner
The network spanning ieass[.]com, easi-policy[.]com, sgas-strategy[.]com and the likely related domain – northriver-asia[.]org – exhibit qualities consistent with previous Chinese virtual espionage operations. Though more work can be done to strengthen attribution, this analysis aims to proactively flag these websites as suspicious so that current and former government officials and foreign policy professionals can be alert if approached by individuals or personas associated with these firms.
Technical Indicators Tie Together ieass[.]com, easi-policy[.]com, and sgas-strategy[.]com
As mentioned above, China policy expert Bill Hayton first flagged the domain ieass[.]com on X. Ieass[.]com served as the initial lead for this investigation.
DNS records, accessed via the DomainTools Iris platform, show that ieass[.]com has nearly-identical registration and infrastructure profiles to two other domains, easi-policy[.]com and sgas-strategy[.]com. Specific technical indicators are withheld here to avoid providing threat actors a roadmap for future evasion; vetted researchers may request additional detail.
Additionally, multiple technical features show that all three sites appear to use Lovable, an AI-enabled site builder platform. For example, as per URLScan[.]io, scripts across all three websites are served by an origin whose reverse DNS resolves to an endpoint associated with Lovable, lovable-app-cd-1-4[.]p[.]l5e[.]io.
All three websites also were registered within a two-month period, and easi-policy[.]com and sgas-strategy[.]com were registered within three days of each other: ieass.com was registered on 2026‑03‑21, easi-policy.com was registered on 2026‑05‑09, and sgas-strategy[.]com was registered on 2026‑05‑12.
Figure: EASI Home Page
Based on the nearly-identical registration and infrastructure profiles, ieass[.]com, easi-policy[.]com, and sgas-strategy[.]com very likely share common ownership and control. All three sites were also built using Lovable, an AI-enabled site-builder platform, consistent with rapid, low-cost deployment of the cluster. Despite this, we did not identify any overt cross-references between the sites (e.g., mutual citations, shared bylines, or partner listings) as of July 9, 2026. Combined with each site’s distinct, unrelated branding, this absence of visible linkage suggests the owner or operator of the websites intends [AF1] to conceal the connection between the domains.
Shared qualities across ieass[.]com, easi-policy[.]com, sgas-strategy[.]com
In addition to infrastructure overlap, ieass[.]com, easi-policy[.]com, sgas-strategy[.]com share similar qualities. All three present themselves as websites for geopolitical advisory firms, respectively named Institute of East Asia Strategic Studies (IEASS), East Asia Strategic Insights (EASI), and Sentinel Global Affairs & Strategy (SGAS). IEASS and EASI claim to be based in Singapore, and SGAS claims to be based in Paris.
All three websites have similar target profiles on their “Career” or “Partnerships” pages. SGAS’s explicitly says it seeks professionals with “experience in government, armed forces, international organizations or consulting.” EASI’s seeks partnerships with those who “hold deep experience across politics, military, diplomacy, industry or markets.” IEASS does not explicitly call for people with experience in politics, government, or the military, but it advertises job listings for a “Remote Geopolitical Consultant” and a “LinkedIn Remote Recruitment Specialist.” Additionally, IEASS and SGAS appear to have LinkedIn pages.
As of July 7, 2026, no entities with matching profiles appear in corporate records databases such as OpenCorporates or Sayari. On top of this, several websites display inconsistencies or strange content casting doubt on whether they represent authentic consulting firms.
For example, the homepage of gas-strategy[.]com lists the coordinates 52.5200°N, 13.4050°E as its “Paris Operations,” but these coordinates correspond to Berlin, Germany, not Paris. The team page for SGAS anonymizes the names of its staff members by only showing initials. EASI highlights “Media Mentions” for Tier-1 media outlets such as Reuters on its homepage, but web searches did not corroborate that these quotes are authentic. Its research page also provides arrows linking to “public commentary” that cannot actually be clicked.
Northriver-asia[.]org’s plausible connection to the network
A fourth domain, northriver-asia[.]org, also has infrastructure overlap with the network and exhibits similar behaviors, presenting itself as a geopolitical advisory firm based in London. The associated website also uses Lovable.
On top of these shared technical indicators, northriver-asia[.]org also presents itself as a geopolitical advisory firm. The website, however, has indicators of inauthenticity that are even more glaring than the other sites. For example, while the website almost exclusively uses English, the site’s “People” page appears to mistakenly include simplified Chinese-language text reiterating the title of ones of its claimed employees.
Northriver-asia[.]org lists +1 202 555 0174 for its Washington D.C contact. This number falls within the 555-0100 through 555-0199 range, which is reserved for fictitious and non-functional numbers used for entertainment and advertising uses. Similarly, Northriver-asia[.]org lists a London number, +44 (0)20 7946 0188, and an out-of-hours number, +44 (0)20 7946 0199, on their contact page; both fall within Ofcom’s 020 7946 0000 to 020 7946 0999 drama-number range. Moreover, northriver-asia[.]org claims to be a registered UK charity with registered Charity “No. 1149732,” but the UK Charity Commission lists that number as belonging to the Kurdish Council of Imams & Preachers in Britain. Finally, the website claims a London address at 32 Old Queen Street, London SW1H, which appears to be a historic rowhome in London.
Because northriver-asia[.]org does not share the most distinctive infrastructure tie that is shared among ieass[.]com, easi-policy[.]com, sgas-strategy[.]com, it is less clear whether it shares ownership and control with these domains. At the same time, the website has a similar profile to the other websites, suggesting that it represents similar activity and may share operational ties. Unlike the other three domains, northriver-asia[.]org does not appear to have a career or partnership page seeking resumes or applications from professionals with political, government, or military experience. However, the website’s profile suggests that it may be used for this purpose in the future.
Conclusion
Hayton’s X post provided an investigative lead that revealed a broader network of at least three websites, and one likely related website, all representing suspicious geopolitical advisory firms. The network of three domains explicitly targets professionals with former government or military experience. While concrete attribution requires further research, the above analysis is sufficient to establish that these websites are suspicious. Moreover, they fit the profile of historical Chinese virtual espionage campaigns, which often use inauthentic geopolitical advisory firms that target former government and military personnel, and which historically operate networks of websites that share infrastructure but conceal their true connection to each other.
This research was published with the intention of building situational awareness of suspicious activity and enabling proactive takedown of the domains and associated profiles or job listings on professional networking and freelancing websites.





