Priya PatelTLDR:
- The UK formally accuses China of cyber campaigns against MPs and voters.
- The National Cyber Security Centre states that a Chinese state-affiliated entity compromised the systems of the UK Electoral Commission and stole personal data of millions of voters.
The UK has ramped up allegations of Chinese cyber hacking, accusing China of cyber campaigns against members of Parliament and the UK Electoral Commission. The National Cyber Security Centre revealed that a Chinese state-affiliated entity compromised the systems of the UK Electoral Commission between 2021 and 2022, resulting in the theft of personal data of millions of voters. Despite initial attribution to Russia, the NCSC now blames China for the cyber attack. The Foreign, Commonwealth and Development Office has summoned the Chinese Ambassador to the UK and sanctioned a front company associated with APT31, a Chinese Advanced Persistent Threat group. Additionally, two APT31 members have been sanctioned, with assets frozen and UK citizens and businesses barred from handling their funds or resources.
The attack on the Electoral Commission was identified and mitigated by Parliament’s Security Department before any accounts could be compromised. While China’s attempts at espionage did not yield desired results, concerns about potential uses of stolen data on UK citizens remain. The UK’s move follows a warning from the Five Eyes nations about an unprecedented threat from Chinese espionage. Security firm Sentinel Labs has also noted Chinese cyber espionage targeting government bodies in Asia and Europe. The extensive planning involved in state-sponsored cyber espionage illustrates the challenges in understanding and responding to such threats in the cyber domain.
