China launched cyberattacks on electoral data and MPs as part of ‘large-scale espionage’, ministers claim

Attacks targeted at the Electoral Commission and directly at several MPs critical of the Beijing regime have been attributed by ministers to actors working on behalf of the Chinese state

The government has announced that the Chinese state was responsible for “malicious cyber campaigns” which compromised personal data on millions of UK voters and attempted to spy on MPs and peers.

For a period that began in 2021 and lasted more than a year, a “China state-affiliated cyber actor” was responsible for an unauthorised intrusion onto the systems of the Electoral Commission, according to the government.

The attribution of the attack to Beijing comes seven months after the regulator announced that, during the breach, attackers had gained access to sensitive data in the commission’s email system, and also to electoral registration databases containing the name, address – and in some cases birth date – of everyone who registered to vote in the UK from 2014 to 2022, as well as everyone registered as an overseas voter.

About 40 million UK citizens are understood to have been impacted.

But the government said that “the malicious cyber activity has not had an impact on electoral processes, has not affected the rights or access to the democratic process of any individual, nor has it affected electoral registration”.

Also targeted in 2021 by China-backed cyberattackers were various parliamentarians – understood to encompass a number of MPs and peers that have criticised the Chinese regime, including former Conservative leader Iain Duncan Smith and fellow Tory MP Tim Loughton, and SNP member Stewart McDonald. This trio have indicated that they were among those subject the government claims were subject to “reconnaissance activity” coordinated by Beijing.

Related content

But, according to the government, the “parliamentary cybersecurity team identified this reconnaissance and were able to confirm that no accounts had been compromised”.

The attacks attributed today were characterised by government as “the latest [examples] in a clear pattern of malicious cyber activity by Chinese state-affiliated organisations and individuals targeting democratic institutions and parliamentarians in the UK and beyond”.

The Chinese ambassador to the UK has been summoned to a meeting with the Foreign, Commonwealth and Development Office. The department – and its counterpart in the US – has also issued sanctions against two individuals and a “front company” that allegedly led the attacks.

Deputy prime minister, Oliver Dowden said: “The UK will not tolerate malicious cyber activity targeting our democratic institutions. It is an absolute priority for the UK Government to protect our democratic system and values. The Defending Democracy Taskforce continues to coordinate work to build resilience against these threats. I hope this statement helps to build wider awareness of how politicians and those involved in our democratic processes around the world are being targeted by state-sponsored cyber operations. We will continue to call out this activity, holding the Chinese government accountable for its actions.”

In response to ministers’ announcement, a statement from the Chinese embassy in the UK said: “The so-called cyberattacks by China against the UK are completely fabricated and malicious slanders. We strongly oppose such accusations. China has always firmly fought all forms of cyberattacks according to law. China does not encourage, support or condone cyberattacks.”

Sam Trendall

Learn More →

Leave a Reply

Your email address will not be published. Required fields are marked *