UK says China aimed 'malicious cyber targeting' at democratic institutions

The British government has publicly accused Chinese state-affiliated hackers with “carrying out malicious cyber activity targeting UK institutions and individuals important to our democracy.”

In a statement to parliament on Monday, Deputy Prime Minister Oliver Dowden said the United Kingdom would not tolerate attacks against democratic institutions, and announced sanctions against two individuals and a front company linked to a hacking campaign targeting British parliamentarians.

The announcement follows China being described as posing “an epoch-defining challenge to the type of international order we want to see, both in terms of security and values,” in Britain’s most recent integrated review of its foreign, defense and security policies.

The new sanctions, including asset freezes and a travel ban, send a “clear message that the UK will not tolerate malicious cyber activity against democratic institutions and parliamentarians,” announced the Foreign Office.

Allies including from the Five Eyes and across the Indo-Pacific and Europe are also expected to make statements on Monday expressing solidarity with Westminster.

“This statement today sees the international community once again call on the Chinese government to demonstrate its credibility as a responsible cyber actor,” declared the Foreign Office.

It comes as the National Cyber Security Centre (NCSC) assessed that the hacking group APT31, previously attributed to the Chinese Ministry of State Security, had been conducting “online reconnaissance activity” against individuals in the House of Commons and House of Lords who had publicly criticized Beijing.

The sanctioned company, Wuhan Xiaoruizhi Science and Technology Company, was previously outed by China-focused exposure group Intrusion Truth. The sanctioned individuals were named as Zhao Guangzong and Ni Gaobin.

READ MORE: US sanctions alleged Chinese state hackers for attacks on critical infrastructure

The NCSC said that parliament’s internal security department detected the campaign before any email accounts were compromised.

David Cameron, the foreign secretary, said the targeting was “completely unacceptable” and that he had raised the issue with China’s foreign minister, Wang Yi.

“We will always defend ourselves from those who seek to threaten the freedoms that underpin our values and democracy. One of the reasons that it is important to make this statement is that other countries should see the detail of threats that our systems and democracies face,” said Cameron.

Electoral Commission breach

Also on Monday, the NCSC attributed last August’s hack of the country’s Electoral Commission — the independent agency overseeing voting eligibility as well as political parties' election financing — to an unspecified Chinese state-affiliated actor.

At the time, the Commission said a “high volume of personal data” had potentially been stolen, including “the name and address of anyone in the UK who registered to vote between 2014 and 2022.”

The NCSC confirmed “it is highly likely the threat actors accessed and exfiltrated email data, and data from the Electoral Register during this time.”

The agency warned this data “in combination with other data sources, would highly likely be used by the Chinese intelligence services for a range of purposes, including large-scale espionage and transnational repression of perceived dissidents and critics in the UK.”

Speaking in Tallinn, Estonia, last year, a White House official issued a warning about the ability of nation-state adversaries “to take seemingly disparate unclassified data elements and reconstruct classified information from them.”

Kemba Walden, then the acting national cyber director, warned it was a game-changer for cyber spies to have the ability to steal unclassified information and then use advanced data analysis techniques to reconstruct material with serious national security sensitivities for the target country.

Cyber thefts of defense contractor information and of very large datasets on the public — including from the credit reporting business Equifax and the U.S. Office of Personnel Management — have previously been attributed to hackers working for China.

William Evanina, the former top counterintelligence official in the U.S., told Foreign Policy magazine that Chinese technology companies were providing assistance to Beijing to process this bulk data and make it useful for China's intelligence services.

Paul Chichester, the NCSC's director of operations, said: “It is vital that organisations and individuals involved in our democratic processes defend themselves in cyberspace and I urge them to follow and implement the NCSC’s advice to stay safe online.”

“We hope relevant parties will stop spreading disinformation, take a responsible attitude and jointly safeguard peace and security in the cyberspace,” they added. “China opposes illegal and unilateral sanctions and will firmly safeguard its lawful rights and interests.”

“We hope relevant parties will stop spreading disinformation, take a responsible attitude and jointly safeguard peace and security in the cyberspace,” they added. “China opposes illegal and unilateral sanctions and will firmly safeguard its lawful rights and interests.”