Chinese government hackers ‘frequently’ targeting MPs, warns new report

Britain’s signals intelligence agency, GCHQ, has observed Chinese state-sponsored hackers “frequently” targeting parliamentarians in the country, according to a report from the Intelligence and Security Committee (ISC) published Thursday.

The 207-page China report concludes an inquiry launched in 2019 into how the British government is responding to the national security risks posed by Beijing. It ultimately found “the level of resource dedicated to tackling the threat … has been completely inadequate.”

Although the members of the committee had access to classified material and were able to interview intelligence personnel, the report itself was checked by security officials before being published, with all redactions marked by a triple asterisk (***).

The ISC said that the British understanding of China’s approach to cyber operations “has clearly improved in recent years,” but warned that these operations were becoming “increasingly sophisticated.”

The “known unknowns” regarding China’s hacking activities were described as “concerning” by the committee, which recommended that the security agencies’ “continuing coverage of [China’s] general capabilities must be maintained alongside further work on Chinese offensive cyber and close-proximity technical operations.”

The warning about China’s operations being “increasingly sophisticated” was written months ago but coincidentally published on the same day Microsoft announced a Chinese hacking group had exploited a bug in its cloud email service to spy on more than two dozen organizations and government agencies in the U.S. and Europe.

It is still not clear how the Chinese hackers managed to exploit the bug, with speculation that they may have been able to steal one of Microsoft’s own cryptographic keys. Microsoft has not disputed this speculation, and declined to identify the bug when asked by Recorded Future News.

Echoing warnings from multiple Western governments, the ISC reported that alongside frequent attempts to target parliamentarians — and the “routine” targeting of current and former civil servants — China is engaged in a “whole-of-state” approach “in the pursuit of its interests and values at the expense of those of the UK.”

The committee echoed warnings by security researchers and intelligence experts that China has a “large and highly effective cyber espionage capability,” which includes elements of both the Ministry of State Security (MSS) and the People’s Liberation Army (PLA) alongside “a range of non‑official actors, including so-called ‘patriotic hackers’ (to whom the state turns a blind eye) and cyber criminals.”

Its cyber operations have had “considerable success” penetrating foreign government and private sector IT systems to steal IP, gain intelligence, and “support HUMINT targeting efforts, providing useful insights into vulnerabilities or potential motivations.”

The ISC warned that “China’s sophisticated cyber capabilities could, in theory, be employed to conduct a cyber attack against UK infrastructure.”

The report highlighted the Russian attacks on the Ukrainian energy grid in 2016 and 2017 as evidence of the potential impact of an offensive cyber operation, and noted “relatively small-scale disruptions to electricity generation can have significant knock-on effects.”

As an example, it noted how “when just two British power generators went offline in August 2019 due to a lightning strike, over 1,000 train services were cancelled or delayed, and 1.1m people were left without power for up to 50 minutes.”

Chinese threat actors have broken into the computer networks of British and international companies within the energy sector, with an interest in the non-nuclear sector “primarily driven by [China’s] huge domestic demand for energy.”

The UK energy sector has been targeted, the ISC confirmed, with at least one unidentified FTSE 100 energy company being compromised and having commercially sensitive information stolen.

This activity “is made possible by the nature and scale of [China’s] intelligence apparatus,” the report states, describing it as “almost certainly… the largest state intelligence apparatus in the world – dwarfing the UK’s Intelligence Community and presenting a challenge for our Agencies to cover.”

Despite these challenges, there have been attempts to respond. GCHQ is engaged in “cyber operations that expose and disrupt the activities of Chinese state-sponsored hackers,” which is described as tactically allowing countermeasures against individual groups while strategically undermining their credibility.

The ISC warned that, in practice, the “whole-of-state” approach “means that Chinese state-owned and non-state-owned companies, as well as academic and cultural establishments and ordinary Chinese citizens, are liable to be (willingly or unwillingly) co-opted into espionage and interference operations overseas.”

The bulk of the report focuses on how “China’s size, ambition and capability have enabled it to successfully penetrate every sector of the UK’s economy” and criticizes the British government for being, until the COVID-19 pandemic, too ready to accept Chinese investment in critical domestic sectors.

“While seeking to exert influence is a legitimate course of action, China oversteps the boundary, and crosses the line into interference in the pursuit of its interests and values at the expense of those of the UK.”