The UK and the United States have accused China of a global campaign of “malicious” cyber attacks in an unprecedented joint operation to reveal Beijing’s espionage.
Britain has publicly blamed China for targeting the UK Electoral Commission watchdog and for being behind a campaign of online “reconnaissance” aimed at the email accounts of politicians.
Chinese spies are likely to use the stolen details to target dissidents and critics of Xi Jinping’s government in the UK, British intelligence services believe.
US officials said the APT31 hacking group spent more than a decade targeting the sensitive data of politicians, journalists, academics, dissidents and American companies.
The “prolific global hacking operation”, backed by the Chinese government, sought to “repress critics of the Chinese regime, compromise government institutions, and steal trade secrets,” US deputy attorney general Lisa Monaco said.
The hackers sent more than 10,000 “malicious” emails to the targets to gain access to personal information, US prosecutors said, adding the criminals threatened to “undermine democracies and threaten our national security”.
The US charged seven of the alleged Chinese hackers on Monday.
Seven Hackers Associated with Chinese Government Charged with Computer Intrusions Targeting Perceived Critics of China and U.S. Businesses and Politicians https://t.co/nL5Wuh7mev
— US Attorney EDNY (@EDNYnews) March 25, 2024
The UK said Beijing-linked hackers were behind the attack on the Electoral Commission which exposed the personal data of 40 million voters, as well as 43 individuals including MPs and peers.
A front company, Wuhan Xiaoruizhi Science and Technology Company, and two individuals, Zhao Guangzong and Ni Gaobin, linked to the APT31 hacking group were sanctioned in response to the hacks.
However, some of the British politicians targeted by Beijing said the response did not go far enough.
They urged the British government to toughen its stance on China by labelling it a “threat” to national security rather than an “epoch-defining challenge”, and to put China in the “enhanced” tier under the Foreign Influence Registration Scheme.
Conservative former minister Tim Loughton told Sky News: “We’re going to sanction two people, two pretty lowly officials, and one private company, which employs 50 people. That is just not good enough.”
Deputy prime minister Oliver Dowden, who announced the measures in a parliamentary statement, appeared to suggest China could soon be declared a “threat”.
Cabinet tensions have reportedly surfaced over the issue, with some ministers pushing for tougher action on Beijing while others are resistant over concerns it could harm economic and trade relations.
British foreign secretary David Cameron said the actions were “completely unacceptable” and he had raised the issue with his Chinese counterpart Wang Yi.
The Chinese ambassador has also been summoned to the Foreign Office to account for his country’s actions.
Hostile actors were active in our systems and had access to servers which held our email, control systems, and copies of the electoral registers. We have since worked with external security experts and the National Cyber Security Centre to investigate and secure our systems.
— Electoral Commission (@ElectoralCommUK) August 8, 2023
The Electoral Commission attack was identified in October 2022, but the hackers had been able to access the commission’s systems containing the details of tens of millions of voters for more than a year by that point.
The registers held at the time of the cyberattack include the name and address of anyone in the UK who was registered to vote between 2014 and 2022, as well as the names of those registered as overseas voters.
The National Cyber Security Centre (NCSC), part of GCHQ, said it was likely that Chinese state-affiliated hackers stole emails and data from the electoral register.
This, in combination with other data sources, was highly likely to have been used by Beijing’s intelligence services for large-scale espionage and transnational repression of perceived dissidents and critics based in the UK.
There is no suggestion the hack had any impact on the largely paper-based UK electoral system.
Mr Dowden insisted the UK local elections in May and the general election later this year would be safe from Chinese cyberattacks.
The UK acted with support from allies in the Five Eyes intelligence-sharing partnership, which also includes the US, Canada, Australia and New Zealand, in identifying the Chinese-linked cyber campaigns.
On Tuesday, New Zealand alleged hackers linked to the Chinese government launched a state-sponsored operation that targeted the country’s parliament in 2021.
Minister responsible for the Government Communications Security Bureau (GCSB), Judith Collins, said in a statement: “The GCSB’s National Cyber Security Centre (NCSC) completed a robust technical assessment following a compromise of the Parliamentary Counsel Office and the Parliamentary Service in 2021, and has attributed this activity to a PRC (China) state-sponsored group known as APT40.
“Fortunately, in this instance, the NCSC worked with the impacted organisations to contain the activity and remove the actor shortly after they were able to access the network.”
She added New Zealand will not follow the UK and US in sanctioning China as the country does not have a law allowing such penalties.
The Chinese government strongly denied that it had carried out, supported or encouraged cyberattacks on the UK, describing the claims as “completely fabricated and malicious slanders”.
A spokesperson for China’s embassy in London said: “China has always firmly fought all forms of cyberattacks according to law.
“China does not encourage, support or condone cyberattacks.
“At the same time, we oppose the politicisation of cybersecurity issues and the baseless denigration of other countries without factual evidence.
“We urge the relevant parties to stop spreading false information and stop their self-staged, anti-China political farce.”