The Pentagon’s counterintelligence agency is contracting a company with ties to China’s state financial infrastructure to identify threats posed by military companies — entities that Beijing could use to hide dangers, national security analysts disclosed to The Washington Times.
The $21.2 million contract from the Defense Counterintelligence and Security Agency was awarded to Moody’s Analytics, which is linked to a Chinese credit rating company that could be used to compromise U.S. counterintelligence activity, a review of the contract and the companies involved shows.
Moody’s Analytics owns a 30% stake in China’s main credit rating firm, which has given top financial ratings to key Chinese military companies. The Pentagon is now using Moody’s data to assess the risk posed by those companies, a move that critics say compromises intelligence assessments of them.
Additionally, Moody’s has an interest in or ownership of a network of subsidiaries within China’s financial infrastructure that are subject to Chinese military and intelligence influence and access.
The partnership between the company and its Chinese ventures and subsidiaries also is raising concerns that American companies are actively helping to legitimize and enable Chinese military-linked companies by supporting the financial infrastructure that sustains them.
The counterintelligence agency is the Pentagon’s most important agency for protecting secrets at more than 12,500 defense-industrial facilities and for finding spies and unauthorized disclosures among the nearly 3 million Americans with security clearances and access to secrets.
The Trump administration’s national defense strategy calls for rapidly modernizing the defense industrial base, and DCSA is expected to play a major role in protecting American industry from adversaries such as China.
The $21.2 million contract
The January 2025 contract grants licenses for counterspies at DCSA to use Moody’s Orbis database of 550 million foreign companies for “critical and emerging technologies information and information on the connections to sanctions on peoples or entities,” according to a federal contract document.
The document, posted on a government website, states that all contract work using the Moody’s Analytics software must provide information on “access to foreign-owned, controlled or influenced [entities], cross-border financial and technological flows, nefarious financial ties, socio-economic indices, watchlists and supply-chain data.”
National security analysts say the potential security risk is that using Orbis to trace foreign company ownership, resolve contractor problems and conduct risk assessments may indirectly rely on or use financial intelligence obtained from Chinese domestic sources, including credit rating agencies operating within China’s state-controlled financial system.
A specific security concern involves Pentagon-designated Chinese military companies that have received high credit scores from Moody’s-linked Chinese credit rating firms, specifically the main Chinese credit rating firm, China Cheng Xin International Credit Rating Co. Ltd., known as CCXI.
Three of the military companies — Aviation Industry Corp. of China, China Electronics Technology Group Corp. and China National Nuclear Corp. — all received AAA credit ratings from CCXI.
CCXI is a credit rating agency for the interbank bond market under the influence of the Chinese government.
Grading the enemy
Concerns over Moody’s Analytics’ links in China stem from the company’s 30% ownership stake in CCXI and its multiple subsidiaries in China.
Analysts said CCXI’s credit ratings of Chinese entities could affect U.S. counterintelligence’s financial assessments of how risk is assessed, normalized and potentially obscured in global financial intelligence tools now deployed by DCSA using less-secure commercial technology.
A Pentagon spokesman did not respond to requests for comment.
Moody’s spokesman Chris Cashman said any security concerns regarding the contract stem from a fundamental misunderstanding of Moody’s business and products.
Moody’s Analytics and the Chinese subsidiary of Moody’s Credit Ratings are separate businesses with distinct governance, regulatory requirements and internal safeguards, he said, noting that Moody’s Analytics does not issue credit ratings or influence credit rating outcomes in any way.
“Moody’s does not assign domestic credit ratings in China,” Mr. Cashman said. “While Moody’s has a minority stake in a domestic credit rating agency in China, it is not involved in the agency’s management, operations, analyses or ratings.”
Moody’s Analytics products, including Orbis, support customers’ research and decision‑making, with customers determining how, where and when to incorporate gathered information into their workflows, he said.
“Moody’s maintains robust governance, product controls and security standards across its global operations,” Mr. Cashman said. “We stand behind the integrity of our products and solutions and the value they provide to our customers.”
CCXI did not respond to a request for comment made through the company website.
L.J. Eads, a former Air Force intelligence officer and signals intelligence analyst, said the contract poses a “striking contradiction” for DCSA.
The agency is paying for intelligence tools from Moody’s Analytics to identify high-risk entities, while the larger Moody’s ecosystem is financially linked to a rating platform that has given top-tier credit ratings to subsidiaries of those same high-risk, U.S.-designated Chinese military companies, he said.
“By Moody’s maintaining a stake in CCXI, Moody’s is positioned inside a financial infrastructure that helps enable funding for state-owned industrial networks — including those tied to the People’s Liberation Army,” said Mr. Eads, founder of the China-focused research firm Data Abyss.
Favorable credit ratings in China are an important tool provided by a Western-linked rating firm, CCXI, signaling to investors and banks that Chinese companies engaged in building up military forces are safe financially. This, in turn, allows military companies to gain access to favorable funding and access broader capital markets.
CCXI has issued questionable financial ratings in the past. The company assigned AAA ratings to five bonds issued by the huge real estate conglomerate China Evergrande Group since 2020, which collapsed a year later in financial ruin.
Those bond ratings raise serious concerns about whether CCXI is compromised by political or commercial pressures from China’s state-linked financial sector.
A web of Chinese affiliates
DCSA stated in the contracting document that Moody’s Analytics was selected over two competitors that were unable to provide the in-depth information on private foreign equity firms, controlling personnel or the fiscal health of foreign private equity firms that Orbis provides.
In addition to its holdings in CCXI through a company called Moody’s China Ltd., Moody’s Analytics operates a network of affiliated companies engaged in financial ratings, consulting work and risk analysis.
A 2023 Securities and Exchange Commission filing by Moody’s states that its China-based subsidiaries include Moody’s Investors Service Ltd., Moody’s Information Consulting Co. Ltd., Moody’s Credit Ratings Ltd., and Risk Management Solutions Ltd.
Those affiliates are subject to the Chinese government’s military-civil fusion program that gives authorities the power to compel companies in China to funnel information from the civilian sector to the military.
Military-civil fusion is a major effort by Beijing to develop and integrate dual-use civilian technologies into China’s People’s Liberation Army, which is undergoing a major buildup of conventional, nuclear and strategic forces.
All companies operating in China are also required under a recent Chinese law to provide data and information to Chinese intelligence and security services.
David Day, chairman of the Global Risk Mitigation Foundation, views the contractual arrangement between DCSA and Moody’s as deeply disturbing because it highlights what he regards as security naivete on the part of both Moody’s and the Pentagon for failing to understand China’s opaque, manipulated financial data system.
“From an intel standpoint, this exercise practically guarantees an incorrect analysis of a given company or sector,” said Mr. Day, noting tight Chinese Communist Party control over the financial system.
“It is akin to paying a foreign agent for an intelligence product or information that you already know is compromised or wrong.”
Congress sounded the alarm
DCSA was faulted by Congress’ Government Accountability Office in 2024 for acquisition rules that fail to specifically direct the Pentagon to consider security risks when hiring consulting contractors that also have contracts with China.
“China is America’s top adversary, and foreign influence remains a key risk for the country’s national security,” GAO stated in a report, noting that Pentagon and Department of Homeland Security officials “lack specific guidance on how acquisition personnel should collect information, assess or mitigate potential national security risks when awarding contracts for consulting services.”
The GAO recommended that the defense secretary promptly update the rules for acquisition personnel to use when gathering information on foreign ownership, control or influence in awarding contracts.
Risks that ripple outward
Mr. Eads, the expert with Data Abyss, said DCSA’s industrial security office relies on Moody’s Analytics Orbis software to map ownership, foreign influence and supply chain risk, making the data and analytical outputs generated from the platform interdependent.
“They inform security determinations that propagate across the broader U.S. national security ecosystem, including defense acquisition, intelligence, and counterintelligence offices,” Mr. Eads said.
That, in turn, expands the potential security risks to other agencies and departments, such as the CIA, military acquisition offices and special investigations units, which ultimately may rely, directly or indirectly, on DCSA-derived assessments.
“That means any blind spots or embedded risk within the underlying data environment could cascade across multiple layers of national security decision-making,” Mr. Eads said.
Nick Eftimiades, a former Defense Intelligence Agency counterintelligence officer, said the problem with the contract is that CCXI is a core node in China’s domestic bond market, enabling capital access for state-owned enterprises and strategic industrial actors.
“The situation represents financial participation in capital allocation shaped by Chinese state priorities,” Mr. Eftimiades said. “It is probably not a great idea to be further entwined with China’s state-managed economy and those enterprises participating [in] the military-civil fusion.”
The CCXI AAA ratings for three U.S.-designated Chinese military companies — Aviation Industry Corp. of China, China Electronics Technology Group Corp. and China National Nuclear Corp. — are valuable tools for providing capital to industries under the military-civil fusion program.
CCXI leadership connection
Personal ties between CCXI’s leadership and Pentagon-designated military companies extend beyond ownership.
A review of CCXI’s structure shows that its co-founder and chief economist, Mao Zhenhua, served as a director of Three Gorges Capital Holdings Co. Ltd., according to Chinese bond prospectus filings.
That firm is a subsidiary of China Three Gorges Corp., which the Pentagon identified as a Chinese military company.
The most recent Pentagon list of Chinese military companies includes major multinationals with operations in the United States, such as Tencent and China Ocean Shipping Co., which, under the military-civil fusion strategy, are helping enhance the People’s Liberation Army’s military capabilities.
Many of these military-designated companies are also active bond issuers in the Chinese interbank market and benefit financially from CCXI’s ratings.
Closing security gaps
Erik Bethel, a partner at the investment firm Mare Liberum, said the problem with the DCSA contract lies in the links between Moody’s Analytics and CCXI.
It reflects a larger issue within the Pentagon: reliance on commercial data platforms for national security work and on contractors with foreign ties or shared data pipelines with companies inside adversary financial systems.
“The concern isn’t that China is stealing our data through this,” Mr. Bethel said. “It’s that we’re using a tool to vet people and supply chains using a rating system designed to make Chinese defense-linked companies look safe.”
Mr. Bethel said a solution would be to require any vendor selling due diligence or entity screening tools to the Defense Department to disclose all foreign affiliates, joint ventures and data sources and to verify that data from those affiliates is walled off from what the U.S. government sees.
Another solution would be to have DCSA cross-check information from commercial platforms against a government-maintained list of Chinese state-owned and military-linked companies, he said.
If the tool is found to be downplaying the risks posed by Chinese military firms, then cross-checking will allow for greater accuracy rather than relying on the score, he said.
Contact the author
Please read our comment policy before commenting.