Cyber security agency says China behind ‘malicious’ cyber attacks on UK

25 March 2024, 16:24

A woman’s hand pressing a key of a laptop keyboard
National Cyber Security Centre report. Picture: PA

The National Cyber Security Centre said its assessment shows China-backed actors targeted parliamentarians and the Electoral Commission.

China state-affiliated cyber actors were behind the “malicious” targeting of parliamentarians and a cyber attack on the Electoral Commission, the National Cyber Security Centre (NCSC) has said.

The UK’s cyber security agency, which is part of GCHQ, said it believes a China-backed group known as APT31 was responsible for a campaign of online spying against the email accounts of a group of MPs and peers critical of China.

APT31 has previously been accused of targeting other government entities and political figures around the world, including attacks on the Finnish parliament and Norwegian government IT systems in recent years, as well as an attack on Microsoft Exchange servers in 2021.

The NCSC said it had also attributed the compromise of computer systems at the Electoral Commission between 2021 and 2022 to a Chinese-backed actor in a separate incident.

The cyber security agency said the attack on the Electoral Commission was likely to have seen email data accessed and exfiltrated for use by the Chinese intelligence services.

When the attack was made public last year, it was confirmed that the hackers had been able to access reference copies of the electoral registers, held by the commission for research purposes and to enable permissibility checks on political donations.

The registers held at the time of the cyber attack include the name and address of anyone in the UK who was registered to vote between 2014 and 2022, as well as the names of those registered as overseas voters.

But they did not include the details of those registered anonymously.

The register for each year holds the details of around 40 million individuals, which were accessible to the hostile actors, although this includes people on the open registers, whose information is already in the public domain.

The NCSC said it believed it was highly likely this data would be used by the Chinese intelligence services for large-scale espionage campaigns and to repress perceived critics of China in the UK.

On the targeting of Members of Parliament, the NCSC said the cyber campaign against email accounts had been identified and successfully mitigated by Parliament’s own security department before any accounts could be compromised.

Paul Chichester, NCSC director of operations, said: “The malicious activities we have exposed today are indicative of a wider pattern of unacceptable behaviour we are seeing from China state-affiliated actors against the UK and around the world.

“The targeting of our democratic system is unacceptable and the NCSC will continue to call out cyber actors who pose a threat to the institutions and values that underpin our society.

“It is vital that organisations and individuals involved in our democratic processes defend themselves in cyberspace and I urge them to follow and implement the NCSC’s advice to stay safe online.”

The Electoral Commission said the attack “did not have an impact on the security of UK elections, and resilience has been strengthened since the attack”.

As part of the response to the attacks, the NCSC said it had updated its guidance for political organisations with further advice on how to reduce the likelihood of cyber attacks.

Al Lakhani, founder and chief executive of cyber security firm IDEE, said the Government needed to be more robust in its cyber security response.

“International relations are built on good faith, mutual interests and a fair bit of give and take,” he said.

“But these are all completely opposed to good cybersecurity practices, which must be built on zero trust.

“The Government is blatantly tiptoeing around the issue, evidently paralysed by the fear of alienating global superpowers, but the result is compromised personal data and undermining confidence in electoral processes.

“To avoid these awkward situations, the Government needs to find better ways of protecting its systems and data.

“When it comes to something as important as national security, relying on outdated cybersecurity solutions that detect attacks, but stop short of preventing them, is nothing short of dangerous.

“A general election is on the horizon, and the threat of international interference is huge.

“So, I hope that lessons have been learnt from past breaches, that this marks a turning point in the UK’s cyber security preparedness, and that we move towards a digitally secure future rooted in identity proofing and transitive trust.”

By Press Association

More Technology News

See more More Technology News

AI study

Action needed to protect election from AI disinformation, study says

Dr Laura Cinti looks up at an E.woodii plant growing in a glasshouse at Kew Gardens

AI enlisted in the hunt for female partner for lonely ancient plant

A mobile phone next to a telecoms mast near Dundry, Somerset

Pace required to hit targets on rural mobile signal unsustainable, report says

A NatWest sign

NatWest apologises to customers after mobile and online banking suffer outages

Greg Clark

AI regulators in UK are ‘under-resourced’, warns science committee chairman

Openreach engineer

Plans to build full fibre broadband in more than 500 new places unveiled

TikTok strategy

Tory TikTok launch ‘pathetic’ compared with Labour’s ‘savvier’ approach – expert

Person using laptop

More than 300 million children a year face sexual abuse online, study suggests

There are calls for mobile phones to be totally banned for under 16s

Calls for mobile phones to be totally banned for under 16s

A young girl using a mobile phone (picture posed by model)

Next government should consider banning phones for under-16s, report says

Sir Chris Bryant

AI should be used to develop an app which detects skin cancer, Labour MP says

Handout image from Microsoft of its Copilot virtual assistant displayed on a laptop screen

Microsoft expanding Copilot AI assistant to organise meetings and support teams

Solar panels on a house roof

Octopus Energy launches ‘buy now, pay later’ for solar panels

Raspberry Pi

Raspberry Pi set for June IPO in welcome boost for London market

A person using a laptop

Nations agree to develop shared risk thresholds for AI as Seoul summit closes

Microsoft new equiment

Data regulator looking into Microsoft’s AI Recall feature