UK calls out China state-affiliated actors for malicious cyber targeting of UK democratic institutions and parliamentarians

The UK government has called out China state-affiliated actors today (Monday) for carrying out malicious cyber activity targeting UK institutions and individuals important to our democracy.

The National Cyber Security Centre – a part of GCHQ – assesses that the China state-affiliated cyber actor APT31 was almost certainly responsible for conducting online reconnaissance activity in 2021 against the email accounts of UK parliamentarians, most of whom have been prominent in calling out the malign activity of China.

Separately, the compromise of computer systems at the UK Electoral Commission between 2021 and 2022 has also been attributed to a China state-affiliated actor. The NCSC assesses it is highly likely the threat actors accessed and exfiltrated email data, and data from the Electoral Register during this time.

The data, in combination with other data sources, would highly likely be used by the Chinese intelligence services for a range of purposes, including large-scale espionage and transnational repression of perceived dissidents and critics in the UK.

To help bolster the UK’s cyber resilience, the NCSC has today published updated guidance in its Defending Democracy collection for political organisations – such as parties and thinktanks – and organisations coordinating the delivery of elections, with advice on how to reduce the likelihood of cyber attacks.

Paul Chichester, NCSC Director of Operations, said:

“The malicious activities we have exposed today are indicative of a wider pattern of unacceptable behaviour we are seeing from China state-affiliated actors against the UK and around the world.

“The targeting of our democratic system is unacceptable and the NCSC will continue to call out cyber actors who pose a threat to the institutions and values that underpin our society.

“It is vital that organisations and individuals involved in our democratic processes defend themselves in cyberspace and I urge them to follow and implement the NCSC’s advice to stay safe online.”

The cyber campaign against the parliamentary email accounts of members across both Houses of Parliament was identified and successfully mitigated by Parliament’s Security Department before any accounts could be compromised.

The compromise of systems at the UK Electoral Commission was made public last year after steps had been taken to remediate and recover, with support from the NCSC.