Pierluigi Paganini
March 26, 2024
GCHQ’s National Cyber Security Centre believes that China-linked cyberespionage group APT31 was responsible for cyber attacks against UK parliamentarians’ emails in 2021.
The UK intelligence believes that China-linked threat actors also compromised the UK Electoral Commission’s systems in a separate campaign.
“The UK government has called out China state-affiliated actors today (Monday) for carrying out malicious cyber activity targeting UK institutions and individuals important to our democracy.
The National Cyber Security Centre – a part of GCHQ – assesses that the China state-affiliated cyber actor APT31 was almost certainly responsible for conducting online reconnaissance activity in 2021 against the email accounts of UK parliamentarians, most of whom have been prominent in calling out the malign activity of China.” reads the press release published by the NCSC.
“Separately, the compromise of computer systems at the UK Electoral Commission between 2021 and 2022 has also been attributed to a China state-affiliated actor.”
The NCSC has assessed that threat actors likely accessed and stole email data and other information from the Electoral Register. The UK intelligence warns that combining the compromised data with other datasets, Chinese intelligence services can obtain precious source information for various malicious activities, including espionage and suppressing dissidents and critics in the UK. To enhance the UK’s cyber resilience, the NCSC has issued updated guidance in its Defending Democracy series, offering advice to political organizations and election coordinators on how to minimize the risk of cyber attacks.
“The malicious activities we have exposed today are indicative of a wider pattern of unacceptable behaviour we are seeing from China state-affiliated actors against the UK and around the world.”
“The targeting of our democratic system is unacceptable and the NCSC will continue to call out cyber actors who pose a threat to the institutions and values that underpin our society.” said Paul Chichester, NCSC Director of Operations.
“It is vital that organisations and individuals involved in our democratic processes defend themselves in cyberspace and I urge them to follow and implement the NCSC’s advice to stay safe online.”
Australia and New Zealand condemned China for cyber operations against UK institutions and Members of the UK Parliament.
“New Zealand stands with the United Kingdom in its condemnation of People’s Republic of China (PRC) state-backed malicious cyber activity impacting its Electoral Commission and targeting Members of the UK Parliament. The use of cyber-enabled espionage operations to interfere with democratic institutions and processes anywhere is unacceptable,” Minister Responsible for the Government Communications Security Bureau (GCSB) Judith Collins says.
The GCSB also collected evidence that links China-linked threat actors to malicious cyber activity targeting Parliamentary entities in New Zealand.
“The GCSB’s National Cyber Security Centre (NCSC) completed a robust technical assessment following a compromise of the Parliamentary Counsel Office and the Parliamentary Service in 2021, and has attributed this activity to a PRC state-sponsored group known as APT40,” Ms Collins says.
“Fortunately, in this instance, the NCSC worked with the impacted organisations to contain the activity and remove the actor shortly after they were able to access the network.”
The Australian Government also expressed concerns about the malicious activities associated with the malicious activities carried out by China-linked threat actors.
“The Australian Government joins the United Kingdom and other international partners in expressing serious concerns about malicious cyber activities by China state-backed actors targeting UK democratic institutions and parliamentarians.” reads a statement published by the Australian Foreign Minister.
“The persistent targeting of democratic institutions and processes has implications for democratic and open societies like Australia. This behaviour is unacceptable and must stop.”
On Monday, the US government announced sanctions against a pair of Chinese hackers (Zhao Guangzong and Ni Gaobin), alleged members of the China-linked APT31 group, who are responsible for “malicious cyber operations targeting U.S. entities that operate within U.S. critical infrastructure sectors.”
The U.S. Treasury Department has sanctioned a tech company based in Wuhan, the Wuhan Xiaoruizhi Science and Technology Company, Limited (Wuhan XRZ), used by the Chinese Ministry of State Security (MSS) as a front in attacks against organizations in the U.S. critical infrastructure sector.
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
(SecurityAffairs – hacking, UK)
