Unlock the Editor’s Digest for free
Roula Khalaf, Editor of the FT, selects her favourite stories in this weekly newsletter.
The UK government has publicly blamed China for two malicious cyber campaigns that targeted Britain’s elections watchdog and parliamentarians, as ministers unveiled new sanctions in response.
Oliver Dowden, deputy prime minister, attributed the cyber attacks to “China state-affiliated actors” in the House of Commons on Monday. Statements of support from the US and other allies across Europe and the Indo-Pacific were expected later in the day.
The National Cyber Security Centre, a branch of signals intelligence agency GCHQ, assessed that a China state-affiliated cyber entity was “highly likely” to have been responsible for the complex attack on the Electoral Commission between 2021 and 2022, Dowden told MPs.
The UK government did not name the Chinese organisation believed to be responsible for the breach of tens of millions of Britons’ data.
Dowden also said the NCSC had assessed it was “almost certain” that the China state-affiliated group APT31 conducted reconnaissance activity against UK parliamentarians during a separate campaign in 2021.
Most of the MPs and peers whose parliamentary email accounts were targeted in the attempted hacking campaign, which is believed to have involved spear phishing, were prominent critics of China. The government said the hacking attempts had not been successful.
Four British members of the Inter-Parliamentary Alliance on China, an international network of legislators with a hawkish stance on Beijing, were called in for a briefing with the UK parliament’s head of security at midday on Monday.
Former Conservative party leader Sir Iain Duncan Smith, former Tory minister Tim Loughton, Scottish National party MP Stewart McDonald and crossbench peer Lord David Alton were summoned to the meeting about the cyber attacks that had targeted them.
Condemning the two campaigns as the “latest in a clear pattern of malicious cyber activity by China state-affiliated organisations and individuals targeting democratic institutions and parliamentarians in the UK and beyond”, the UK unveiled fresh sanctions.
It announced an asset freeze and travel ban on Zhao Guangzong and Ni Gaobin — two members of APT31 who, the Foreign Office said, were “operating on behalf of the Chinese Ministry of State Security” and had been involved in the malign activity targeting parliamentarians and officials in the UK and internationally.
The UK also blacklisted Wuhan Xiaoruizhi Science and Technology Company Ltd, which it said was associated with APT31 and was operating on behalf of China’s MSS as part of Beijing’s “state-sponsored apparatus”.
Foreign secretary Lord David Cameron said it was “completely unacceptable that China state-affiliated organisations and individuals have targeted our democratic institutions and political processes”.
These latest attempts to interfere with British democracy had not been successful, he said, noting that the government remained “vigilant and resilient to the threats we face”.
Cameron added that he had raised the issue directly with China’s foreign minister Wang Yi. Dowden said the Foreign Office had summoned the Chinese ambassador to discuss the situation.
The Chinese embassy in London said: “The so-called cyber attacks by China against the UK are completely fabricated and malicious slanders. We strongly oppose such accusations.”
Beijing had “always firmly fought all forms of cyberattacks according to law” and opposed the “politicisation of cyber security issues”, it added.
Dowden said the UK’s public attribution was designed in part to “build wider awareness of how politicians and those involved in our democratic processes around the world are being targeted by state-sponsored cyber operations”.
The UK’s intervention came after Belgium’s cyber security agency named APT31 as the culprit behind an attack on a prominent Belgian politician in March 2023.
The alleged breach of the Electoral Commission’s systems by Beijing-linked actors echoes China’s attempts to amass a variety of other bulk data sets at population scale. The UK government does not have a specific understanding of the intended use of the data.
Ministers first announced in August 2023 that hackers had obtained the names and addresses of tens of millions of British voters in a breach of the elections regulator’s systems that began in August 2021 but was detected only in October 2022, but did not previously attribute the campaign.
Reforms of UK espionage laws that are going through parliament and were requested by Britain’s intelligence agencies were informed in part by these latest malicious cyber campaigns.
The NCSC on Monday published updated cyber guidance on defending democracy for political organisations and bodies coordinating the delivery of elections.
Home secretary James Cleverly issued an assurance that the UK’s upcoming elections, at local and national level, were “robust and secure”.
The NCSC has built up its assessment of the two malicious cyber campaigns over many months, with the UK government first contacting international partners about the alleged malign activity late last year.
In December, Britain accused Russia’s main intelligence agency of seeking to meddle in its democratic processes through a “sustained” cyber campaign since 2015.
In a press conference in Westminster on Monday, Duncan Smith urged the government to take tougher action on China and label it a “threat”.
On a visit to north-west England, UK Prime Minister Rishi Sunak warned that China was becoming “increasingly assertive”, but reiterated the government’s existing verdict of the country as an “epoch-defining challenge”.
Read the full article here
