Priya PatelTLDR:
- The UK government has blamed China for a 2021 hack targeting millions of voters’ data.
- Chinese-backed threat actors accessed personal details in August 2021, leading to a data breach involving the UK Electoral Commission and parliamentarians’ email accounts.
The UK government has accused China of carrying out hacking campaigns against UK institutions and political figures in 2021. The National Cyber Security Centre (NCSC) led an investigation that linked Chinese-backed threat actors to a cyber-attack that accessed the personal details of millions of voters in August 2021. The Electoral Commission revealed that the attack, which occurred in August 2021, was first discovered in October 2022. The NCSC assessed that the attack originated from China and stated that the data stolen could be used by Chinese intelligence services for espionage.
Separately, the NCSC also concluded that the Chinese-affiliated threat actor APT31 was responsible for conducting online reconnaissance activity against the email accounts of UK parliamentarians in 2021. The NCSC stated that these cyber-attacks were identified and mitigated before any accounts could be compromised.
The UK government issued sanctions against a Chinese-affiliated organization and two individuals involved in these malicious campaigns. China has denied involvement in the attacks, with the Chinese Foreign Ministry spokesperson calling the UK accusations “false information” and urging dialogue and cooperation. Cybersecurity experts have raised questions about the purpose of the data theft and the potential impact on UK-China relations.
The UK has released new ‘Defending Democracy’ guidance to help organizations and individuals involved in democratic processes defend against cyber-attacks. This guidance includes recommendations for implementing security measures such as controls against spear-phishing and DDoS attacks, as well as setting up multifactor authentication on cloud services.
