Chinese spies are likely to use data stolen through the election watch hack to target dissidents and critics of Xi Jinping’s government in the UK, according to British intelligence services.
The UK Government has publicly blamed Beijing for targeting the Electoral Commission and being behind an online “exploration” campaign targeting the email accounts of MPs and peers.
A front company, Wuhan Xiaoruizhi Science and Technology Company, and two people, Zhao Guangzong and Ni Gaobin, linked to the hacking group APT31 have been sanctioned in response to the malicious cyber activity against the parliamentarians.
Foreign Secretary Lord Cameron said the actions were “totally unacceptable” and raised the issue with his Chinese counterpart Wang Yi.
The Chinese ambassador was also sent to the Foreign Office to account for his country’s actions.
Deputy Prime Minister Oliver Dowden, who announced the measures in a statement to the Commons, said: “The UK will not tolerate malicious cyber activity targeting our democratic institutions.”
The Electoral Commission attack was identified in October 2022 but the hackers were able to access the commission’s systems containing the data of tens of millions of voters for more than a year by that point.
The registers held at the time of the cyber attack include the name and address of anyone in the UK who was registered to vote between 2014 and 2022, as well as the names of those registered as overseas voters.
The National Cyber Security Center (NCSC), part of GCHQ, said it was likely that Chinese state-affiliated hackers stole emails and data from the election program.
It was highly likely that Beijing’s intelligence services used this, in combination with other sources of data, to carry out large-scale espionage and transnational repression of perceived dissidents and critics based in the UK.
There is no suggestion that the hack has had any impact on the UK’s largely paper-based electoral system.
Hostile actors were active in our systems and had access to servers that held our email, our control systems, and copies of the electoral registers. We have since worked with outside security experts and the National Cyber Security Center to investigate and secure our systems.
— Electoral Commission (@ElectoralCommUK) August 8, 2023
John Pullinger, chairman of the Electoral Commission, said the announcement “shows the international threats facing the UK’s democratic process and its institutions” but insisted the attack had “no impact on UK electoral security”.
APT31 certainly carried out the separate campaign against MPs and peers in 2021, officials said, with most of those targeted being prominent critics of the Chinese government.
Parliament’s security department identified and mitigated the cyber campaign before any accounts could be compromised, the NCSC said.
Former Tory leader Sir Iain Duncan Smith, a member of the Inter-Parliamentary Alliance on China (Ipac), said critics of the Beijing government had “been subject to harassment, impersonation and attempted hacking from China for some time”, but would not MPs being “bullied into silence by Beijing”.
He added: “We must now enter a new era of relations with China, dealing with the contemporary Chinese Communist Party as it really is, not as we want it to be.
“Today’s announcement should be a decisive moment in which the UK stands up for the values of human rights and the rules-based international system on which we depend.”
Foreign Secretary Lord Cameron said: “It is completely unacceptable that state-affiliated organizations and individuals in China have targeted our democratic institutions and political processes.
“While these attempts have not succeeded in disrupting UK democracy, we will remain vigilant and resilient in the face of the threats we face.”
The UK acted with the support of allies in the Five Eyes intelligence-sharing partnership, which also includes the United States, Canada, Australia and New Zealand, to identify cyber campaigns linked to the Chinese.
Mr Dowden said: “I hope this statement will help raise wider awareness of how state-sponsored cyber operations are targeting politicians and those involved in our democratic processes around the world.”
The Chinese government has strongly denied that it has carried out, supported or encouraged cyber-attacks on the UK, describing the claims as “completely fabricated and malicious”.
A spokesman for the Chinese embassy in London said: “China has always firmly fought all forms of cyber-attacks in accordance with the law. China does not encourage, support or condone cyber attacks. At the same time, we oppose the politicization of cyber security issues and the dispossession of other countries without factual evidence.
“We call on the relevant parties to stop spreading false information and stop their self-righteous, anti-China political whistling.”
With local elections in May and a general election later this year, the NCSC has updated advice for political organizations including parties and think tanks to reduce the risk of cyber attacks.
Home Secretary James Cleverly insisted the upcoming elections were “strong and secure”.
Paul Chichester, NCSC director of operations, said: “The malicious activities we have uncovered today are indicative of a wider pattern of unacceptable behavior we are seeing from Chinese state-affiliated actors against the UK and around the world.
“Targeting our democratic system is unacceptable and the NCSC will continue to call out cyber actors who threaten the institutions and values that underpin our society.”
The front organization linked to APT31 and individuals will be hit with asset freezes and travel bans under the sanctions regime.
The announcement increased Tory pressure on Rishi Sunak to get tougher on China, including labeling it a threat to the UK.
On a visit to Barrow on Monday morning, the Prime Minister repeated the language used in the Government’s integrated review of defense and foreign policy: “We are very clear that the situation now is that China is behaving in a more assertive manner abroad, authoritarian at home and the challenge of the times, and also the greatest state-based threat to our economic security.”