Thursday, 25 June, 2026
IT Security Guru

Details of Millions of Voters and Several MPs Targeted in a Cyberattack by the Chinese State

Cybersecurity experts from across the industry have weighed in on the breaking news.

by Guru Writer
March 27, 2024
in Editor's News

The UK has officially attributed a major cyberattack on the Electoral Commission to China. The attack compromised the personal data of approximately 40 million voters, marking the first direct implication of China since the breach came to light.

The breach, disclosed by the Electoral Commission in August of the previous year, was initially identified in October 2022. However, it was confirmed that hostile actors gained unauthorised access to the organisation’s systems as early as August 2021.

During the breach, attackers succeeded in obtaining reference copies of the electoral registers, containing the names and addresses of UK voters registered between 2014 and 2022, as well as details of overseas voters and the internal email system of the watchdog.

Over the weekend, reports emerged indicating that a group of MPs and peers critical of China had also been targeted by cyber attacks originating from the country. Deputy Prime Minister Oliver Dowden confirmed on Monday that the country had attempted to spy on the emails of 43 MPs and peers.

In response to the malicious cyber activities against parliamentarians, a front company named Wuhan Xiaoruizhi Science and Technology, along with two individuals, Zhao Guangzong and Ni Gaobin, linked to the APT31 hacking group, have been sanctioned.

Cybersecurity experts from across the industry have weighed in on the news:

Elliott Wilkes, CTO of Advanced Cyber Defence Systems (ACDS): “Back in 2014-15 the US Government’s Office of Personnel Management (OPM) experienced a major breach that was widely reported as being attributed to an advanced cyber espionage team that was part of the Chinese government. That team reportedly stole over 4.2 million national security-cleared employees’ data, including copies of fingerprints and detailed personnel reports used for vetting.”

“Since that time, we’ve seen the Chinese government grow increasingly bold in their attacks on Western governments’ information systems. Even though it is early in the investigation, this case in the UK bears similar markers to that of the OPM attack. Without more details, it is hard to say with any degree of certainty about the identity of the attackers.”

“In terms of response, the conventional option is to sanction individuals responsible, though this will likely not yield satisfactory results. To my knowledge, none of the individuals associated with the OPM breach who were sanctioned by the US Government have been arrested. A bolder step might include more direct cyber action, but this has the potential to escalate already heightened tensions between the UK (and the West) and China.”

“The danger of this attack is that it underscores the ability of a major global power to act in a way designed for intelligence gathering but also intimidation, without fear of significant recourse. This is also a vulnerable time for the UK, leading up to an election that might see a significant change in government. If this is, indeed, proven to be the work of the Chinese government, the challenge for the UK government will be to mount a penalty that is effective in deterring these actions without taking away much-needed diplomatic energy from supporting Ukraine against Russian aggression, or bringing an end to the war and humanitarian crisis in Gaza.”

Jamie Akhtar, Co-Founder and CEO at CyberSmart:

“Sadly, this isn’t likely to be the last time we discuss nation-state attacks on the UK, particularly with an election later this year. Cyber warfare and espionage between states have become a regular feature of geopolitics in the twenty-first century.”

“However, it does emphasise the continuing need for the UK to continually refine its holistic cybersecurity strategy. Defence needs to go further than protection for state institutions. As we’ve seen time and again, nation-state actors will also target businesses that provide services to the government too. Without a defence strategy that incorporates every aspect of society, from small businesses to schools to state bodies, nation-state actors will keep finding new routes in.”

Javvad Malik, lead security awareness advocate at KnowBe4:

“Such attacks are not new but follow a pattern where China, as well as other nation-states, have been implicated in cyber espionage activities aimed at gathering significant data that can be leveraged for multiple purposes, including but not limited to influencing political outcomes, understanding internal policy debates, and setting the stage for more aggressive cyber campaigns.”

“Nation-state attacks are often perceived as being highly sophisticated, and while there sometimes is the use of custom malware to compromise systems and exfiltrate data without detection, the vast majority of breaches are successful due to spear-phishing campaigns and exploitation of software vulnerabilities.”

“The impact of such a breach on UK-Sino relations could be profound. It’s likely to escalate tensions, leading to diplomatic strain and potentially resulting in retaliatory actions in the cyber domain or other areas of bilateral cooperation. Moreover, this situation necessitates a robust response not only in terms of securing compromised systems and preventing further breaches but also in reinforcing the international legal and norms-based systems governing state behaviour in cyberspace.”

“To mitigate the aftermath and prevent future incidents, it’s crucial for nations to invest in stronger cybersecurity defences, international collaboration, and developing capabilities to deter adversaries in the cyberspace domain. Additionally, fostering a culture of security awareness among political entities and the general public plays an essential role in defending against such sophisticated attacks.”

Victor Acin, Head of Threat Intel Research, Outpost24:

“APT31” is a Chinese-state-sponsored APT group. The group focuses on targeting multiple sectors, including government, international financial organizations, and aerospace and defense organizations, as well as high-tech, construction and engineering, telecommunications, media, and insurance sectors. Among their targeting, the group has also been compromising software providers and other supply chain organizations, likely to access customers’ data or networks. Behind this selection of victims, there is a clear espionage goal, with the group trying to gather information that can provide the Chinese government and state-owned enterprises with political, economic, and military advantages.

They have been mainly but not exclusively focusing on European and North American regions, and their activity has been publicly denounced on several occasions by governmental authorities. In 2021, the High Representative of the European Council published a declaration urging the Chinese authorities to take action against malicious cyber activities undertaken from its territory, more specifically, the compromise and exploitation of Microsoft Exchange servers attributed to “APT40” and APT31.

This activity was not limited to the European Union but extended worldwide, forcing other countries to join the accusation. Aside from this worldwide campaign against Exchange servers in early 2021, their espionage activity against specific countries in other European has also been denounced. APT31 has also been appointed guilty by Microsoft researchers for attacking high-profile individuals associated with the presidential election from 2020, including people associated with the Joe Biden for President campaign and prominent leaders in the international affairs community.
