UK and US accuse China of cyberattacks, NCSC releases cybersecurity guidance

Written by Tue 26 Mar 2024

The US and the UK have officially accused China of being behind ‘malicious’ cyberattacks targeting politicians, journalists, and businesses. Meanwhile, the National Cyber Security Centre (NCSC) has published updated guidance in its Defending Democracy collection for political organisations to help reduce cyberattacks.

Dubbed Advanced Persistent Threat 31 (APT31), the cyber operation was said to be orchestrated by China’s Ministry of State Security and employed sophisticated phishing tactics to compromise email systems and global networks. 

Among the targets were White House staffers, US senators, British parliamentarians, and government officials critical of Beijing.

“The data, in combination with other data sources, would highly likely be used by the Chinese intelligence services for a range of purposes, including large-scale espionage and transnational repression of perceived dissidents and critics in the UK,” said the NCSC.

The UK has sanctioned two Chinese nationals, Zhao Guangzong and Ni Gaobin, along with Wuhan Xiaoruizhi Science and Technology Company, accused of being associated with APT31.

“The malicious activities we have exposed today are indicative of a wider pattern of unacceptable behaviour we are seeing from China state-affiliated actors against the UK and around the world,” said Paul Chichester, Director of Operations at the NCSC. 

The Chinese embassy in the UK has dismissed these allegations as baseless slander.

The UK Sanctions

As part of the sanctions, the UK will freeze assets belonging to Zhao Guangzong, Ni Gaobin, and Wuhan Xiaoruizhi Science and Technology Company. This will prohibit UK citizens and businesses from accessing or managing their funds or resources. A travel ban will also prevent them from entering or staying in the UK.

UK Deputy Prime Minister, Oliver Dowden, said the UK judges these actions taken by the threat actors as a ‘clear and persistent pattern of behaviour’ that signals hostile intent from China.

“We will not hesitate to take swift and robust actions wherever the Chinese government threatens the UK’s interests,” said Dowden.

Dowden also praised a committee that tracks election threats, the Defending Democracy taskforce, for identifying China-affiliated organisations and individuals behind cyber operations.

Former British Army and UK Government intelligence specialist, and co-founder of Ecliptic Dynamics, Tom Kidwell, said the proposed sanctions from the UK to China marked a huge shift in the rhetoric against the Chinese State by the UK.

“Publicly accusing another member of the UN security council of attempting to influence or disrupt your election process is significant… providing hard evidence of a direct link to Chinese state involvement will be difficult to release into the public domain,” said Kidwell.

Kidwell added that finding out the methodology of the attack or gaining a small insight into its scope is the most the nation can hope to learn at this point.

The UK Electoral Commission Hack

UK officials have implicated those sanctioned in a hack potentially accessing data on tens of millions of UK voters held by the Electoral Commission. They are also accused of cyber-espionage against lawmakers critical of China. 

Notably, The Guardian reported the Foreign Office clarified the hack of election registers did not disrupt electoral processes or individual rights, nor affect electoral registration.

In October 2022, suspicious activities led to the discovery that the Commission’s systems had been compromised. Investigations revealed hostile actors had gained unauthorised access to the Commission’s servers as early as August 2021.

These servers housed the Commission’s emails, control systems, and copies of the electoral registers. The attackers could view reference copies of electoral registers from 2014 to 2022, including details of UK residents and overseas voters, but not anonymous registrations.

“While much of this data is already in the public domain, we understand the concern this may cause,” said the Electoral Commission on X (formerly Twitter).

The Parliamentary Reconnaissance Attack

British cybersecurity officials reported Chinese Government-affiliated hackers conducted reconnaissance on British parliamentarians critical of Beijing in 2021. No parliamentary accounts were successfully compromised.

The Guardian reported instances of harassment, failed hacking attempts, and impersonations targeting former Conservative leader Sir Iain Duncan Smith, former minister Tim Loughton, and SNP’s Stewart McDonald by groups aiming to influence foreign dignitaries.

McDonald likened the UK’s response to entering a ‘gunfight with a wooden spoon’. The MPs have urged the UK to designate China as a threat, with Smith calling for more sanctions against Chinese government actors. He criticised the Deputy Prime Minister’s statement as inadequate but acknowledged it as a watershed moment for human rights.

Smith revealed he was being impersonated by a proponent of the Chinese Government, who had been sending emails falsely suggesting he had been altering his views on Beijing.

Smith said he believed China should face greater scrutiny and regulation under a new foreign influence registration system, particularly targeting operations supported by the Chinese Government in the UK.

“To our belief in democracy, human rights, freedom of expression, freedom of worship. These are the things that we hold dear, but we seem reluctant to want to defend those against the others who hold none of those virtues and values and want to take ours from us,” said Smith as reported by The Guardian.

The US Sanctions

The US Department of Justice has charged Zhao, Ni, and five other hackers with conspiracy to commit computer intrusions and wire fraud. This charge is part of a 14-year cyber operation aimed at US and foreign critics, businesses, and political officials.

“Today’s announcements underscore the need to remain vigilant to cybersecurity threats and the potential for cyber-enabled foreign malign influence efforts, especially as we approach the 2024 election cycle,” said Matthew G. Olsen, Assistant Attorney General at the National Security Division at the US Department of Justice.

The Department of Justice said the hacking campaign sent over 10,000 malicious emails with hidden tracking links, enabling APT31 to gather information such as locations and IP addresses of Government officials critical of China’s policies. Targets included White House staff and election campaign workers from both major parties.

The US Department of Justice said it will continue to leverage ‘all tools to disrupt malicious cyber actors’ who threaten national security and aim to repress fundamental freedoms worldwide.

Calls for Robust Data Protection Intensify

Al Lakhani, CEO of phishproof multifactor organisation, IDEE, said to avoid these situations, the Government ‘needs to find better ways of protecting its systems and data’.

“When it comes to something as important as national security, relying on outdated cybersecurity solutions that detect attacks, but stop short of preventing them, is nothing short of dangerous. A general election is on the horizon, and the threat of international interference is huge,” said Lakhani.

Lakhani added that this marks a ‘turning point in the UK’s cybersecurity preparedness’, and that the nation will move towards a digitally-secure future rooted in identity proofing and transitive trust.

Andy Ward, Vice President International at endpoint and zero trust security company, Absolute Software, said addressing cybersecurity challenges requires a resilient framework to enhance network oversight and establish a strong defensive posture.

“As the UK faces an increase in cyber threats, we must aim to boost cybersecurity through threat protection, attack deterrence, and defence preparation, ensuring clear visibility and effective network control,” said Ward.

Ward added that adopting a culture of resilience that integrates cybersecurity is a fundamental part of the Ministers’ role, to protect access to the personal details of UK voters.

CEO of Riversafe, Suid Adeyanju, agreed with this sentiment, stressing these attacks show no sign of slowing down and leave UK voters’ personal details vulnerable to access.

“This leads to an urgent call for a comprehensive strategy against cyber threats by Ministers, ensuring data is firmly secured,” said Adeyanju. 

NCSC Publishes New Guidance

In line with the news of the UK sanctions against China, the NCSC has released new guidance as part of its Defending Democracy collection. The guidance is aimed at political organisations, including parties and think tanks, as well as organisations involved in coordinating elections.

This guidance offered advice on reducing the risk of cyberattacks to improve the UK’s digital resilience. It also provided recommendations for implementing security measures to prevent common cyber threats, like spear-phishing and DDoS attacks, and stressed the importance of setting up multi-factor authentication for cloud and internet-connected services. 

The guidance also suggests directions for electoral management systems’ protection, advising steps for organisations like local authorities involved in coordinating elections.
