The National Cyber Security Centre (NCSC) has identified organisations affiliated to the Chinese state as the source of two series of cyber attacks on democratic institutions in the UK.
It said it is “highly likely” that a Chinese entity was responsible for an attack on Electoral Commission systems in 2021-22 and “almost certain” that a group labelled Advanced Persistent Threat Group 31 (APT31) conducted reconnaissance activity against UK parliamentarians in 2021.
The majority of those targeted in the second series of attacks were prominent in calling out the malign activity of China, but this was identified by Parliament’s cyber security team and no parliamentary accounts were successfully compromised, the UK Government said.
It added that it believes these behaviours were part of large scale espionage campaign, and said it ws “completely unacceptable”.
In response, the Foreign, Commonwealth and Development Office has summoned the Chinese ambassador to the UK, and sanctioned a front company and two individuals said to be members of APT31. Concurrently, the US is designating the same persons and entity for malicious cyber activity.
Protecting democracy a priority
Deputy Prime Minister Oliver Dowden said: “The UK will not tolerate malicious cyber activity targeting our democratic institutions. It is an absolute priority for the UK government to protect our democratic system and values. The Defending Democracy Taskforce continues to coordinate work to build resilience against these threats.
“I hope this statement helps to build wider awareness of how politicians and those involved in our democratic processes around the world are being targeted by state-sponsored cyber operations.
“We will continue to call out this activity, holding the Chinese government accountable for its actions.”
NCSC said it is highly that the attacks on the Electoral Commission succeeded in accessing and exfiltrating emails and data from the Electoral Register. In combination with data from other sources it could be used by Chinese intelligence sources for espionage and transnational repression of perceived dissidents and critics in the UK.
Calling out cyber actors
The organisation’s director of operations, Paul Chichester, said: “The targeting of our democratic system is unacceptable and the NCSC will continue to call out cyber actors who pose a threat to the institutions and values that underpin our society.
“It is vital that organisations and individuals involved in our democratic processes defend themselves in cyberspace and I urge them to follow and implement the NCSC’s advice to stay safe online.”
NCSC has recently published new Defending Democracy guidance for political organisations, joining its guidance for organisations such as local authorities involved in coordinating elections.
It has previously warned about the threat from China state-linked cyber capabilities, including from APT31 which was previously linked to the Chinese Ministry of State Security in 2021 following a compromise of Microsoft Exchange Server.
More recently, the NCSC has warned about Chinese state sponsored actors using ‘living off the land’ techniques to evade detection on compromised critical infrastructure networks.
