Chinese state-backed hackers were responsible for two malicious digital campaigns targeting Britain’s democratic institutions and politicians, security services have discovered.
Britain holds China responsible for a lengthy cyber attack on the electoral commission, which allegedly gave Beijing access to the personal data of about 40 million voters.
The National Cyber Security Centre, part of GCHQ, also found that four British parliamentarians critical of Beijing were targeted in a separate attack, although the activity was identified before any systems were compromised.
Two individuals and a front company linked to the Chinese state-sponsored cyber group APT31, which has ties to China’s Ministry of State Security and is believed to be behind the hack, have been hit with sanctions by Britain as a result.
Oliver Dowden, the deputy prime minister, told MPs that Beijing’s attempts to interfere in British democracy and politics had been unsuccessful, although the government was criticized for being too slow to respond.
“The UK will not tolerate malicious cyber activity that targets our democratic institutions. It is an absolute priority for the UK government to protect our democratic system and our values,” he said.
“I hope this statement helps create broader awareness of how politicians and those involved in our democratic processes around the world are being targeted by state-sponsored cyber operations. We will continue to call out this activity and hold the Chinese government accountable for its actions.”
Since the attacks in 2021 and 2022, Britain has strengthened its cyber defenses, he said. This included setting up the Defending Democracy Taskforce and introducing the National Security Act 2023, which gave security forces and law enforcement agencies greater powers to disrupt hostile activities.
However, the head of an international group of parliamentarians focused on China said the British government had been too slow to respond to cyber attacks, especially considering the Electoral Commission hack was first discovered in 2022.
MPs and colleagues are among 43 people the government appears set to confirm have been targeted by Chinese state-backed cyber attacks.
Luke de Pulford, executive director of the Inter-Parliamentary Alliance on China (Ipac), told the BBC that the government was “a bit reluctant to say that China had actually done this”.
“There appears to be a reluctance in general to hold China to account for its abuses,” he said, adding that Britain had so far imposed sanctions on some mid-level officials in China over violations of the rights in Xinjiang, but had failed to do so. take similar action against Hong Kong, despite Britain’s historic role in the territory.
David Cameron, the Foreign Secretary, has raised the cyber attacks on Britain’s democratic institutions directly with Chinese Foreign Minister Wang Yi.
“It is completely unacceptable that Chinese state organizations and individuals have targeted our democratic institutions and political processes. While these attempts to disrupt British democracy have not been successful, we will remain vigilant and resilient in the face of the threats we face,” Cameron said.
“We will always defend ourselves against those who seek to threaten the freedoms that underpin our values and democracy. One of the reasons it is important to make this statement is so that other countries should see the details of the threats facing our systems and democracies.”