Chinese hackers responsible for two ‘malicious’ cyber campaigns against UK

Government sanctions two Chinese nationals and a Chinese company identified as responsible for cyber campaigns against government officials and members of parliament

Chinese state-affiliated hackers were responsible for two malicious cyber attack campaigns targeting UK parliamentarians and democratic institutions, Oliver Dowden told the Commons.

The deputy prime minister said the National Cyber Security Centre (NCSC), part of GCHQ, had identified a Chinese state-affiliated hacking group responsible for infiltrating the IT systems of the UK Electoral Commission between 2021 and 2023.

A Chinese state-affiliated group, known as APT31, also conducted reconnaissance activities against UK parliamentarians in a separate campaign in 2021, Dowden revealed. “This is the latest in a clear pattern of hostile activity originating in China, including the targeting of democratic institutions and parliamentarians in the United Kingdom and beyond,” he said. “Taken together, the United Kingdom judges that these actions demonstrate a clear and persistent pattern of behaviour that signals hostile intent against China.”

Dowden announced that the government was applying sanctions to two individuals and a front company linked to the Chinese state-affiliated hacking group, known as Advanced Persistent Threat Group 31 (APT31).

The Foreign, Commonwealth and Development Office summoned the Chinese ambassador to the UK to answer questions about the hacking attacks.

Dowden’s comments came as the US Department of Justice charged seven Chinese nationals linked to APT31 with conspiracy to commit computer intrusions and conspiracy to commit wire fraud.

According to the US indictment, the group targeted email accounts of lawmakers in the European Union (EU) and the UK who were members of the Inter-Parliamentary Alliance on China (IPAC), a group set up to counter the threats posed by the Chinese Communist Party to democratic principles. The targets included every EU member of IPAC, and 43 UK parliamentary accounts, most of whom were members of IPAC or had been outspoken on the People’s Republic of China.

China ‘held to account’

Dowden said the UK would continue to engage with China, but not hesitate to take “swift and robust” actions wherever the Chinese government threatens the UK’s interest. “This government will continue to hold China and other state actors accountable for their actions,” he said. “We will also take serious action to prevent this behaviour from affecting our security.”

Dowden told the Commons that Chinese state-linked hackers were highly likely to have been behind a hacking operation that compromised the Electoral Commission between 2021 and 2022.

The Electoral Commission disclosed in August 2023 that it had been subject to a major cyber attack in 2021, which remained undetected for 12 months.

A Chinese state-affiliated hacking group was able to access voting registers including the names and addresses of everybody in the UK who registered to vote between 2014 and 2022, including those who opted to keep their details off the open register and the names of registered overseas voters.

Separately, the APT31 group conducted what Dowden described as “reconnaissance activity” against UK parliamentarians, which, according to the US Department of Justice, impacted 43 lawmakers and officials. “Our political processes and institutions have not been harmed by these attacks,” he said.

The APT31 group, part of a cyber espionage programme run by the Ministry of State Security’s Hubei State Security Department in Wuhan, targeted political dissidents inside and outside China, as well as government officials, candidates and campaign staff overseas, including in the UK.

MPs demand tougher line

During an earlier press conference on Monday 25 March, former Conservative Party leader Iain Duncan Smith, Tim Loughton MP and Stewart McDonald MP, who are understood to have had their emails targeted by APT31, called for the government to take a tougher line on China.

Duncan Smith said he had been a victim of impersonation for some time. Someone pretending to be him had used a fake email address, and emailed politicians around the world falsely stating that Duncan Smith had recounted his views.

“We know that many of us have hacking attempts, some fairly shallow attempts, but nonetheless hacking and some more serious,” he said.

SNP MP Stewart McDonald, whose emails had previously been accessed by Russian hacking group Star Blizzard in a phishing attack, said the influence of China was wider than a foreign policy issue, and affected the UK’s energy, universities, political system and critical national infrastructure.

The three MPs criticised the UK for failing to impose any sanctions on Chinese officials responsible for destroying freedoms in Hong Kong, and urged it to place China in the “Enhanced Tier” of the new Foreign Influence Registration Scheme, which is designed to protect the UK political system against covert foreign influence.

Government decouples from China

Dowden said the government had taken steps to limit the activities of China in the UK, including introducing an offence of foreign interference in a new National Security Act and giving government the powers to block overseas investments that could impact national security through the National Security and Investment Act.

He said the government had “significantly reduced” China’s involvement in the UK civil nuclear sector, and had put measures in place to “prevent hostile infiltration” of universities. It had also taken steps to reduce government exposure to Chinese companies Hikvision and TikTok by banning them from public buildings.

The NCSC is also working with political parties to increase the uptake of its active cyber defence services in the lead-up to a general election, said Dowden. He said parliamentarians could join an opt-in service that allows the NCSC to alert high-risk individuals if it identifies evidence of malicious activity.

The UK has sanctioned Wuhan Xiaoruizhi Science and Technology, and Zhao Guangzong and Ni Gaobin, members of APT31, operating on behalf of the Chinese Ministry of State Security (MSS), for cyber activities targeting officials, government entities, and parliamentarians in the UK and internationally.

Epoch-defining challenge

Speaking during a visit to Barrow-in-Furness, prime minister Rishi Sunak said China represented an “epoch-defining challenge”.

“We’ve been very clear the situation now is that China is behaving in an increasingly assertive way abroad, authoritarian at home, and it represents an epoch-defining challenge, and also the greatest state-based threat to our economic security,” he said.

Foreign secretary David Cameron said: “It is completely unacceptable that China state-affiliated organisations and individuals have targeted our democratic institutions and political processes. While these attempts to interfere with UK democracy have not been successful, we will remain vigilant and resilient to the threats we face.”

Home secretary James Cleverly said the UK’s imminent elections were secure from overseas influence. “China’s attempts at espionage did not give them the results they wanted, and our new National Security Act has made the UK an even harder target,” he said. “Our upcoming elections, at local and national level, are robust and secure.”

The Electoral Commission’s chair, John Pullinger, said the cyber attack did not impact the security of UK elections.

“In a year of significant electoral events, we remain vigilant to the risks facing our electoral process, and will continue to work with the UK’s governments and the wider electoral community to safeguard the safety of the system,” he said.

“The data accessed when this attack took place does not impact how people register, vote or participate in democratic processes. It has no impact on the management of the electoral registers or on the running of elections.”
