On Monday, the UK and its allied global partners held Chinese state-affiliated organizations and individuals responsible for two cyber campaigns targeting democratic institutions and parliamentarians. Their stance garnered support from partner nations across the Indo-Pacific and Europe.
The National Cyber Security Centre (NCSC) identified a breach of the UK Electoral Commission systems, likely orchestrated by a Chinese state-linked entity between 2021 and 2022. Additionally, the Advanced Persistent Threat Group 31 (APT31), affiliated with the Chinese state, was determined to have conducted reconnaissance activities against UK Parliamentarians in 2021.
In a prompt response to these activities, the Chinese Embassy in London was summoned to the Foreign, Commonwealth and Development Office. The UK also issued sanctions against a front company and two individuals aligned with APT31.
Deputy Prime Minister of the United Kingdom, Oliver Dowden, spoke on the determination of the UK government to defend its democratic system against cyber attacks, stressing the need to hold China accountable for its “ongoing patterns of hostile activity targeting… collective democracies.” Lord Cameron, the Foreign Secretary, also expressed strong condemnation against the Chinese state entities disrupting democratic institutions and political processes, while underscoring the UK’s commitment to protecting its democracy.
However, the Chinese Embassy in London denounced what it referred to as the UK’s “sinister action”, arguing that the UK’s accusation of China’s involvement in malicious cyber campaigns is unfounded and tantamount to ‘malicious slander’. The statement reiterated China’s principle of non-interference in each other’s internal affairs and denied any interest or need to meddle in the UK’s internal matters.
The UK Electoral Commission had previously disclosed a cyber attack on August 8, 2023, allowing hostile actors to access electoral registers with voters details from 2014 to 2022. In response, the Electoral Commission’s Chief Executive, Sean McNally, confirmed that significant efforts had been made to bolster the commission’s IT systems.
The entire episode reflects the escalating geopolitical tensions and changing cybersecurity landscape, underscoring the urgency for corporations and governments to comprehensively strengthen their digital security infrastructure and protocols.