Cyber security agency says China behind ‘malicious’ cyber attacks on UK

China state-affiliated cyber actors were behind the “malicious” targeting of parliamentarians and a cyber attack on the Electoral Commission, the National Cyber Security Centre (NCSC) has said.

The UK’s cyber security agency, which is part of GCHQ, said it believes a China-backed group known as APT31 was responsible for a campaign of online spying against the email accounts of a group of MPs and peers critical of China.

APT31 has previously been accused of targeting other government entities and political figures around the world, including attacks on the Finnish parliament and Norwegian government IT systems in recent years, as well as an attack on Microsoft Exchange servers in 2021.

The NCSC said it had also attributed the compromise of computer systems at the Electoral Commission between 2021 and 2022 to a Chinese-backed actor in a separate incident.

The cyber security agency said the attack on the Electoral Commission was likely to have seen email data accessed and exfiltrated for use by the Chinese intelligence services.

When the attack was made public last year, it was confirmed that the hackers had been able to access reference copies of the electoral registers, held by the commission for research purposes and to enable permissibility checks on political donations.

The registers held at the time of the cyber attack include the name and address of anyone in the UK who was registered to vote between 2014 and 2022, as well as the names of those registered as overseas voters.

But they did not include the details of those registered anonymously.

The register for each year holds the details of around 40 million individuals, which were accessible to the hostile actors, although this includes people on the open registers, whose information is already in the public domain.

The NCSC said it believed it was highly likely this data would be used by the Chinese intelligence services for large-scale espionage campaigns and to repress perceived critics of China in the UK.

On the targeting of Members of Parliament, the NCSC said the cyber campaign against email accounts had been identified and successfully mitigated by Parliament’s own security department before any accounts could be compromised.

Paul Chichester, NCSC director of operations, said: “The malicious activities we have exposed today are indicative of a wider pattern of unacceptable behaviour we are seeing from China state-affiliated actors against the UK and around the world.

“The targeting of our democratic system is unacceptable and the NCSC will continue to call out cyber actors who pose a threat to the institutions and values that underpin our society.

“It is vital that organisations and individuals involved in our democratic processes defend themselves in cyberspace and I urge them to follow and implement the NCSC’s advice to stay safe online.”

The Electoral Commission said the attack “did not have an impact on the security of UK elections, and resilience has been strengthened since the attack”.

As part of the response to the attacks, the NCSC said it had updated its guidance for political organisations with further advice on how to reduce the likelihood of cyber attacks.

Al Lakhani, founder and chief executive of cyber security firm IDEE, said the Government needed to be more robust in its cyber security response.

“International relations are built on good faith, mutual interests and a fair bit of give and take,” he said.

“But these are all completely opposed to good cybersecurity practices, which must be built on zero trust.

“The Government is blatantly tiptoeing around the issue, evidently paralysed by the fear of alienating global superpowers, but the result is compromised personal data and undermining confidence in electoral processes.

“To avoid these awkward situations, the Government needs to find better ways of protecting its systems and data.

“When it comes to something as important as national security, relying on outdated cybersecurity solutions that detect attacks, but stop short of preventing them, is nothing short of dangerous.

“A general election is on the horizon, and the threat of international interference is huge.

“So, I hope that lessons have been learnt from past breaches, that this marks a turning point in the UK’s cyber security preparedness, and that we move towards a digitally secure future rooted in identity proofing and transitive trust.”