Stay up to date with notifications from The Independent

Notifications can be managed in browser preferences.

Cyber security agency says China behind ‘malicious’ cyber attacks on UK

The National Cyber Security Centre said its assessment shows China-backed actors targeted parliamentarians and the Electoral Commission.

Martyn Landi
Monday 25 March 2024 12:14 EDT
The National Cyber Security Centre said it believes a China-backed group was responsible for a campaign of online spying against the email accounts of a group of MPs and peers critical of China (PA)
The National Cyber Security Centre said it believes a China-backed group was responsible for a campaign of online spying against the email accounts of a group of MPs and peers critical of China (PA) (PA Wire)

Your support helps us to tell the story

From reproductive rights to climate change to Big Tech, The Independent is on the ground when the story is developing. Whether it's investigating the financials of Elon Musk's pro-Trump PAC or producing our latest documentary, 'The A Word', which shines a light on the American women fighting for reproductive rights, we know how important it is to parse out the facts from the messaging.

At such a critical moment in US history, we need reporters on the ground. Your donation allows us to keep sending journalists to speak to both sides of the story.

The Independent is trusted by Americans across the entire political spectrum. And unlike many other quality news outlets, we choose not to lock Americans out of our reporting and analysis with paywalls. We believe quality journalism should be available to everyone, paid for by those who can afford it.

Your support makes all the difference.

China state-affiliated cyber actors were behind the “malicious” targeting of parliamentarians and a cyber attack on the Electoral Commission, the National Cyber Security Centre (NCSC) has said.

The UK’s cyber security agency, which is part of GCHQ, said it believes a China-backed group known as APT31 was responsible for a campaign of online spying against the email accounts of a group of MPs and peers critical of China.

APT31 has previously been accused of targeting other government entities and political figures around the world, including attacks on the Finnish parliament and Norwegian government IT systems in recent years, as well as an attack on Microsoft Exchange servers in 2021.

The malicious activities we have exposed today are indicative of a wider pattern of unacceptable behaviour we are seeing from China state-affiliated actors against the UK and around the world

Paul Chichester, NCSC

The NCSC said it had also attributed the compromise of computer systems at the Electoral Commission between 2021 and 2022 to a Chinese-backed actor in a separate incident.

The cyber security agency said the attack on the Electoral Commission was likely to have seen email data accessed and exfiltrated for use by the Chinese intelligence services.

When the attack was made public last year, it was confirmed that the hackers had been able to access reference copies of the electoral registers, held by the commission for research purposes and to enable permissibility checks on political donations.

The registers held at the time of the cyber attack include the name and address of anyone in the UK who was registered to vote between 2014 and 2022, as well as the names of those registered as overseas voters.

But they did not include the details of those registered anonymously.

The register for each year holds the details of around 40 million individuals, which were accessible to the hostile actors, although this includes people on the open registers, whose information is already in the public domain.

The NCSC said it believed it was highly likely this data would be used by the Chinese intelligence services for large-scale espionage campaigns and to repress perceived critics of China in the UK.

On the targeting of Members of Parliament, the NCSC said the cyber campaign against email accounts had been identified and successfully mitigated by Parliament’s own security department before any accounts could be compromised.

It is vital that organisations and individuals involved in our democratic processes defend themselves in cyberspace and I urge them to follow and implement the NCSC’s advice to stay safe online

Paul Chichester, NCSC

Paul Chichester, NCSC director of operations, said: “The malicious activities we have exposed today are indicative of a wider pattern of unacceptable behaviour we are seeing from China state-affiliated actors against the UK and around the world.

“The targeting of our democratic system is unacceptable and the NCSC will continue to call out cyber actors who pose a threat to the institutions and values that underpin our society.

“It is vital that organisations and individuals involved in our democratic processes defend themselves in cyberspace and I urge them to follow and implement the NCSC’s advice to stay safe online.”

The Electoral Commission said the attack “did not have an impact on the security of UK elections, and resilience has been strengthened since the attack”.

As part of the response to the attacks, the NCSC said it had updated its guidance for political organisations with further advice on how to reduce the likelihood of cyber attacks.

Al Lakhani, founder and chief executive of cyber security firm IDEE, said the Government needed to be more robust in its cyber security response.

When it comes to something as important as national security, relying on outdated cybersecurity solutions that detect attacks, but stop short of preventing them, is nothing short of dangerous

Al Lakhani, cyber security firm IDEE

“International relations are built on good faith, mutual interests and a fair bit of give and take,” he said.

“But these are all completely opposed to good cybersecurity practices, which must be built on zero trust.

“The Government is blatantly tiptoeing around the issue, evidently paralysed by the fear of alienating global superpowers, but the result is compromised personal data and undermining confidence in electoral processes.

“To avoid these awkward situations, the Government needs to find better ways of protecting its systems and data.

“When it comes to something as important as national security, relying on outdated cybersecurity solutions that detect attacks, but stop short of preventing them, is nothing short of dangerous.

“A general election is on the horizon, and the threat of international interference is huge.

“So, I hope that lessons have been learnt from past breaches, that this marks a turning point in the UK’s cyber security preparedness, and that we move towards a digitally secure future rooted in identity proofing and transitive trust.”

Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in