The Pentagon’s counterintelligence agency is contracting a company with ties to China’s state financial infrastructure to identify threats from military firms — entities that Beijing could use to hide the dangers, national security analysts disclosed to The Washington Times.
The $21.2 million contract from the Defense Counterintelligence and Security Agency was awarded to Moody’s Analytics, which is linked to a Chinese credit rating company that could be used to compromise U.S. counterintelligence activity, a review of the contract and the companies involved shows.
Moody’s Analytics owns a 30% stake in China’s main credit rating firm that has given top financial ratings to key Chinese military companies. The Pentagon is now using Moody’s data to assess the risk posed by those companies in what critics say compromises intelligence assessments of those same companies.
Additionally, Moody’s currently has an interest or ownership in a network of subsidiaries inside China’s financial infrastructure that are subject to Chinese military and intelligence influence and access.
The partnership between the company and its Chinese ventures and subsidiaries is also raising concerns that American companies are actively helping to legitimize and enable Chinese military-linked companies by supporting the financial infrastructure that sustains them.
The counterintelligence agency is the Pentagon’s most important agency for protecting secrets at more than 12,500 defense-industrial facilities and for finding spies and unauthorized disclosures among the nearly 3 million Americans with security clearances and access to secrets.
The Trump administration’s national defense strategy calls for rapidly modernizing the defense industrial base and DCSA is expected to play a major role in protecting American industry from adversaries such as China.
The $21 million contract
The January 2025 contract grants licenses for counterspies at DCSA to use Moody’s Orbis database of 550 million foreign companies for “critical and emerging technologies information and information on the connections to sanctions on peoples or entities,” according to a federal contract document.
The document, posted on a government website, states that all contract work using the Moody’s Analytics software must provide information on “access to foreign-owned, controlled or influenced [entities], cross-border financial and technological flows, nefarious financial ties, socio-economic indices, watchlists and supply-chain data.”
National security analysts say the potential security risk is that using Orbis to trace foreign company ownership, resolving contractor problems, and carrying out risk assessments may indirectly utilize or rely on financial intelligence obtained from Chinese domestic sources, including credit rating agencies that operate within China’s state-powered financial system.
A specific security concern involves Pentagon-designated Chinese military companies that have received high credit scores from Moody’s-linked companies in China, specifically the main Chinese credit rating firm China Cheng Xin International Credit Rating Co. Ltd., known as CCXI.
Three of the military companies — Aviation Industry Corp. of China, China Electronics Technology Group Corp., and China National Nuclear Corp. — all received AAA credit ratings from CCXI.
CCXI is a credit rating agency for the interbank bond market under the influence of the Chinese government.
Grading the enemy
Concerns over Moody’s Analytics links in China are based on the company’s 30% ownership stake in the CCXI, along with multiple subsidiaries inside China.
Analysts said credit ratings of Chinese entities by CCXI could affect U.S. counterintelligence financial assessments on how risk is assessed, normalized, and potentially obscured inside global financial intelligence tools now deployed by DCSA with the less-secure commercial technology.
A Pentagon spokesman did not respond to requests for comment.
Moody’s spokesman Chris Cashman said any security concerns regarding the contract are based on a fundamental misunderstanding of Moody’s business and products.
Moody’s Analytics and China-based Moody’s Credit Ratings are separate businesses with distinct governance, regulatory requirements and internal safeguards, he said, noting Moody’s Analytics does not issue credit ratings or influence credit rating outcomes in any way.
“Moody’s does not assign domestic credit ratings in China,” Mr. Cashman said. “While Moody’s has a minority stake in a domestic credit rating agency in China, it is not involved in the agency’s management, operations, analyses or ratings.”
Moody’s Analytics products, including Orbis, support customer’s research and decision‑making, with customers determining how, where and when to incorporate gathered information into workflows, he said.
“Moody’s maintains robust governance, product controls and security standards across its global operations,” Mr. Cashman said. “We stand behind the integrity of our products and solutions and the value they provide to our customers.”
CCXI did not respond to a request for comment made through the company website.
L.J. Eads, a former Air Force intelligence officer and signals intelligence analyst, said the contract poses a “striking contradiction” for DCSA.
The agency is paying for intelligence tools from Moody’s Analytics to identify high-risk entities, at the same time, the larger Moody’s ecosystem is financially linked to a rating platform that has given top-tier credit ratings to subsidiaries of those same high-risk, U.S.-designated Chinese military companies, he said.
“By Moody’s maintaining a stake in CCXI, Moody’s is positioned inside a financial infrastructure that helps enable funding for state-owned industrial networks — including those tied to the People’s Liberation Army,” said Mr. Eads, founder of the China-focused research firm Data Abyss.
Favorable credit ratings in China are an important tool provided by a western-linked rating firm, CCXI, signaling to investors and banks that Chinese companies engaged in building up military forces are safe financially. This, in turn, allows military companies to gain access to favorable funding and access broader capital markets.
CCXI has issued questionable financial ratings in the past. The company assigned AAA ratings to five bonds issued by the huge real estate conglomerate China Evergrande Group since 2020, which collapsed a year later in financial ruin.
Those bond ratings raise serious concerns about whether CCXI is compromised by political or commercial pressures from China’s state-linked financial sector.
A web of Chinese affiliates
DCSA stated in the contracting document that Moody’s Analytics was picked over two competitors that were unable to provide the in-depth information on private foreign equity firms, foreign equity controlling personnel, or the fiscal health of foreign private equity firms that Orbis provides.
In addition to its holdings in CCXI through a company called Moody’s China Ltd., Moody’s Analytics operates a network of affiliated companies engaged in financial ratings, consulting work and risk analysis.
A 2023 Security and Exchange Commission filing by Moody’s states that its China-based subsidiaries include Moody’s Investors Service Ltd., Moody’s Information Consulting Co. Ltd., Moody’s Credit Ratings Ltd, and Risk Management Solutions Ltd.
Those affiliates are subject to the Chinese government’s military-civil fusion program that gives authorities the power to compel companies in China to funnel information from the civilian sector to the military.
Military-civil fusion is a major effort by Beijing to develop and integrate dual-use civilian technological advancements into China’s People’s Liberation Army currently undergoing a major buildup of both conventional and nuclear and strategic forces.
All companies operating in China are also required under a recent Chinese law to provide data and information to Chinese intelligence and security services.
David Day, chairman of the Global Risk Mitigation Foundation, views the contractual arrangement between DCSA and Moody’s as deeply disturbing because it highlights what he regards as security naïveté by both Moody’s and the Pentagon for failing to understand China’s opaque and manipulated financial data system.
“From an intel standpoint, this exercise practically guarantees an incorrect analysis of a given company or sector,” Mr. Day said, noting tight Chinese Communist Party control over the financial system.
“It is akin to paying a foreign agent for an intelligence product or information that you already know is compromised or wrong.”
Congress sounded the alarm
DCSA was faulted by Congress’ Government Accountability Office in 2024 for acquisition rules that fail to specifically direct the Pentagon to consider security risks when hiring consulting contractors that also have contracts with China.
“China is America’s top adversary, and foreign influence remains a key risk for the country’s national security,” GAO stated in a report, noting that Pentagon and Homeland Security officials “lack specific guidance on how acquisition personnel should collect information, assess, or mitigate potential national security risks when awarding contracts for consulting services.”
The GAO recommended that the defense secretary promptly update rules for acquisition personnel to use in gathering information on foreign ownership, control or influence when awarding contracts.
Risks that ripple outward
Mr. Eads, the expert with Data Abyss, said DCSA’s industrial security office relies on Moody’s Analytics Orbis software to map ownership, foreign influence, and supply chain risk, making the data and analytical outputs generated from the platform interdependent.
“They inform security determinations that propagate across the broader U.S. national security ecosystem, including defense acquisition, intelligence, and counterintelligence offices,” Mr. Eads said.
That in turn expands the potential security dangers at other agencies and departments, such as the CIA, military acquisition offices, and special investigations units that may ultimately rely, directly or indirectly, on DCSA-derived assessments.
“That means any blind spots or embedded risk within the underlying data environment could cascade across multiple layers of national security decision-making,” Mr. Eads said.
Nick Eftimiades, a former Defense Intelligence Agency counterintelligence officer, said the problem with the contract is that CCXI is a core node in China’s domestic bond market, enabling capital access for state-owned enterprises and strategic industrial actors.
“The situation represents financial participation in capital allocation shaped by Chinese state priorities,” Mr. Eftimiades said. “It is probably not a great idea to be further entwined with China’s state-managed economy and those enterprises participating the military-civil fusion.”
The CCXI AAA ratings for three U.S.-designated Chinese military companies — Aviation Industry Corp. of China, China Electronics Technology Group Corp., and China National Nuclear Corp. — are valuable tools in providing capital to industries in the military-civil fusion program.
CCXI leadership connection
Personal ties between CCXI’s leadership and Pentagon-designated military companies extend beyond ownership.
A review of CCXI’s structure shows that CCXI co-founder and chief economist Mao Zhenhua, worked as a director of Three Gorges Capital Holdings Co. Ltd., according to Chinese bond prospectus filings.
That firm is a subsidiary of China Three Gorges Corp. (CTG) that was identified by the Pentagon as a Chinese military company.
The most recent Pentagon list of Chinese military companies includes major multinationals with operations in the United States, including Tencent and China Ocean Shipping Co. that under the military-civil fusion strategy are helping the military capabilities of the People’s Liberation Army.
Many of these military-designated firms are also active bond issuers in the Chinese interbank market and benefit financially from CCXI’s ratings.
Closing security gaps
Erik Bethel, partner in the investment firm Mare Liberum, said the problem with the DCSA contract are the links between Moody’s Analytics and CCXI.
It reflects a larger issue within the Pentagon of relying on commercial data platforms for national security work and contractors with foreign ties or shared data pipelines with companies inside adversary financial systems.
“The concern isn’t that China is stealing our data through this,” Mr. Bethel said. “It’s that we’re using a tool to vet people and supply chains using a rating system designed to make Chinese defense-linked companies look safe.”
Mr. Bethel said a solution would be to require any vendor selling due diligence or entity screening tools to the Defense Department to disclose all foreign affiliates, joint ventures, and data sources, and to verify that data from those affiliates is walled off from what the U.S. government sees.
Another solution would be to have DCSA cross-check information supplied by commercial platforms with a government-maintained list of Chinese state-owned and military-linked companies, he said.
If the tool is found to be downplaying the risks of Chinese military firms, the cross-checking will allow greater accuracy instead of trusting the score, he said.
