Yesterday, Deputy Prime Minister Oliver Dowden addressed Parliament regarding the 2021 cyber attacks on the Electoral Commission, which compromised the personal data of millions of UK voters. Despite this revelation surfacing only towards the end of last year, it took several additional months to reach the point where blame could be assigned.
Although speculation had hinted at China鈥檚 involvement in the attacks, it has been officially confirmed today. Chinese state-affiliated entities have been identified as responsible for the breach of voter data from the Electoral Commission, alongside other digital offences targeting various private sectors.
This development raises significant questions about UK-China relations, which not long ago seemed poised to enter a 鈥淕olden Age鈥, as well as underscoring the broader concerns听about the state of broader private sector security.
鈥渕alicious cyber campaigns鈥
听
In a newly issued press release, the UK government has publicly identified Chinese state-affiliated entities and individuals responsible for two 鈥渕alicious cyber campaigns targeting democratic institutions and parliamentarians.鈥
According to findings from the National Cyber Security Centre (NCSC), a division of GCHQ, there is strong evidence suggesting the involvement of a Chinese state-affiliated entity in the cyber attack on the UK Electoral Commission system between 2021 and 2022. Additionally, the NCSC asserts with high confidence that the Advanced Persistent Threat Group 31 (APT31), linked to the Chinese state, conducted reconnaissance operations targeting UK parliamentarians in a separate campaign in 2021.
The 2021 parliamentary campaign was primarily aimed at individuals vocal in condemning China鈥檚 malign activities. Notably, this likely includes members such as former Conservative leader Sir Iain Duncan Smith, former minister Tim Loughton, and SNP鈥檚 Stewart McDonald, who are part of the Inter-Parliamentary Alliance on China, known for scrutinizing and frequently criticizing Beijing鈥檚 actions.
Despite these targeted efforts, it appears that no parliamentary accounts were successfully compromised.
The UK鈥檚 Response: A Little Too Late?
听
The UK government has proceeded to call this 鈥渁 clear pattern of malicious cyber activity by Chinese state-affiliated organisations and individuals targeting democratic institutions and parliamentarians in the UK and beyond.鈥
In response to the events, the Foreign, Commonwealth and Development Office has today summoned the Chinese Ambassador to the UK and sanctioned a front company and 2 individuals who are members of APT31.
Foreign Secretary Lord Cameron said: 鈥淚t is completely unacceptable that China state-affiliated organisations and individuals have targeted our democratic institutions and political processes. While these attempts to interfere with UK democracy have not been successful, we will remain vigilant and resilient to the threats we face.鈥
Despite assertions from Lord Cameron and Mr Dowden that 鈥渢he UK will not tolerate malicious cyber activities aimed at our democratic institutions,鈥 is this show of bravado all a little too late? Questions must arise over听whether this display of resolve against the Eastern superpower should have been made a priority sooner.
Mr Loughton has emphasised that the government has long failed to take the 鈥渟trategic threat鈥 from China seriously, emphasising the need for significant sanctions against senior Chinese officials due to ongoing issues such as the aforementioned cyber attacks.
Jamie Moles, Technical Manager at ExtraHop, echoed similar sentiments in a comment to 91探花: 鈥淭he breach must act as a wake-up call for the entire UK. State-sponsored attacks are on the rise, and critical infrastructure is a prime target.鈥
More from News
- From Workouts To Managing Jetlag: The British Tech Scale-Up That Just Hit One Million Users Globally Appoints New CEO
- Hackers Tricked Instagram鈥檚 AI To Leak Your Log In Details 鈥 How Can Users Stay Protected?
- New Research Reveals The UK鈥檚 Top 10 鈥淔uture-Ready鈥 Cities
- New Research Shows How Elections Are Impacting The Job Market 鈥 Here鈥檚 How
- Is London Becoming The World鈥檚 Next AI Capital?
- Google鈥檚 AI Can鈥檛 Even Spell 鈥淕oogle鈥 鈥 So Why Is It Replacing Search?
- Will AI Labels Actually Save YouTube From AI Slop?
- The Rise Of 鈥淣ew Brand鈥 Cybercrime Groups And The Business Of Ransomware
Private Sector Security Concerns
听
Despite the UK government鈥檚 emphasis on severing ties with China, including the rejection or reduction of Chinese infrastructure, in defence of British safety, doubts persist regarding the extent to which the UK will act and whether our private sector and infrastructure are truly secure.
After all, in response to the government鈥檚 pledge to reduce Chinese infrastructure, Energy Minister Andrew Bowie has insisted that the government maintains a 鈥減ragmatic relationship鈥 with Beijing, citing reports of China鈥檚 EVE Energy planning to invest in a battery plant in the West Midlands.
This not only leads to serious concerns about the safety of UK infrastructure but, having endured numerous successful cyber attacks in recent years, can it really be said that the state of our private sector is any more secure?
John Hultquist, Chief Analyst, Mandiant Intelligence at Google Cloud, tells 91探花: 鈥淭he private sector remains a major target for cyber espionage, which is ironically often carried out by private sector contractors working for intelligence services. The makers of healthcare, defence, and chip technology are of special interest to these actors, and there鈥檚 little doubt this information will be used to undermine these companies in the market.
鈥淲e are no longer in the era of brazen, loud intrusions against wide swaths of the economy. The activity we see now is far more narrowly focused and far better than it once was. Chinese cyber espionage is stealthier and more advanced than before. They have invested in better tactics, and those investments are paying off.鈥
As such, even if the UK now begins to prioritise building resilience against these threats, it鈥檚 important to note that, as pointed out by Mr Hultquist, so too will China鈥檚 attempts at espionage, which will continue to adapt and persist.
Nevertheless, with global allies supporting the UK against what it terms a 鈥渓arge-scale espionage campaign,鈥 the UK is still positioning itself as a leader among democratic institutions, steadfastly denouncing unacceptable cyber attacks.
Strengthening its defences against such incidents, initiatives like the Defending Democracy Taskforce and the National Security Act 2023 equip government bodies, Parliament, security services, and law enforcement agencies with the necessary tools to combat hostile activities. While this all sounds promising, ultimately, the efficacy of these measures in safeguarding the UK鈥檚 private sector and its citizens remains to be seen, so we must wait with bated breath to see how events unfold.
听
