US and UK accuse China of large-scale cyberattack campaign

Authorities in the US and the UK say they have identified evidence of a raft of cyberattacks carried out by a China state-affiliated entity targeting democratic institutions and politicians.

Andrew Wooden

March 26, 2024

A release authored by the Foreign, Commonwealth and Development Office, National Cyber Security Centre, Cabinet Office, and the Home Office (as well as some specifically named politicians) says that Chinese state-affiliated organisations and individuals were responsible for two ‘malicious cyber campaigns targeting democratic institutions and parliamentarians.’

The National Cyber Security Centre (NCSC) – a part of GCHQ – believes that the UK Electoral Commission systems were ‘highly likely compromised by a Chinese state-affiliated entity’ between 2021 and 2022.

We’re also told that it is ‘almost certain’ that the China state-affiliated Advanced Persistent Threat Group 31 (APT31) conducted reconnaissance activity against UK parliamentarians during a separate campaign in 2021. The majority of those targeted were actively calling out China in some fashion, but no parliamentary accounts were successfully compromised, apparently.

In response, the Foreign, Commonwealth and Development Office has summoned the Chinese Ambassador to the UK, and sanctioned a front company and 2 individuals who are members of APT31.

“It is completely unacceptable that China state-affiliated organisations and individuals have targeted our democratic institutions and political processes,” Foreign Secretary Lord Cameron said. “While these attempts to interfere with UK democracy have not been successful, we will remain vigilant and resilient to the threats we face. I raised this directly with Chinese Foreign Minister Wang Yi and we have today sanctioned 2 individuals and one entity involved with the China state-affiliated group responsible for targeting our parliamentarians.

“We will always defend ourselves from those who seek to threaten the freedoms that underpin our values and democracy. One of the reasons that it is important to make this statement is that other countries should see the detail of threats that our systems and democracies face.”

Deputy Prime Minister Oliver Dowden added: “The UK will not tolerate malicious cyber activity targeting our democratic institutions. It is an absolute priority for the UK government to protect our democratic system and values. The Defending Democracy Taskforce continues to coordinate work to build resilience against these threats.

“I hope this statement helps to build wider awareness of how politicians and those involved in our democratic processes around the world are being targeted by state-sponsored cyber operations. We will continue to call out this activity, holding the Chinese government accountable for its actions.”

The statement from the UK authorities calls on the Chinese government ‘to demonstrate its credibility as a responsible cyber actor’, and the security services believe the incidents it called out were part of a large-scale espionage campaign.

In conjunction, the US Attorney’s Office has identified and charged seven Chinese nationals associated with APT31 with conspiracy to commit computer intrusions and conspiracy to commit wire fraud ‘for their involvement in a PRC-based hacking group that spent approximately 14 years targeting U.S. and foreign critics, businesses and political officials in furtherance of the PRC’s economic espionage and foreign intelligence objectives.’  

“Over 10,000 malicious emails, impacting thousands of victims, across multiple continents. As alleged in today’s indictment, this prolific global hacking operation – backed by the PRC government – targeted journalists, political officials, and companies to repress critics of the Chinese regime, compromise government institutions, and steal trade secrets,” said Deputy Attorney General Lisa Monaco. “The Department of Justice will relentlessly pursue, expose, and hold accountable cyber criminals who would undermine democracies and threaten our national security.”

According to this press conference transcript, China’s Foreign Ministry Spokesperson Lin Jian said when asked about the sanctions being prepared: “When investigating and determining the nature of cyber cases, one needs to have adequate and objective evidence, instead of smearing other countries when facts do not exist, still less politicize cybersecurity issues. We hope relevant parties will stop spreading disinformation, take a responsible attitude and jointly safeguard peace and security in the cyberspace. China opposes illegal and unilateral sanctions and will firmly safeguard its lawful rights and interests.”

Yesterday, China banned Intel and AMD chips from government PCs and servers, in what seems to be retaliation for the waves of sanctions and export bans the US has levied against China in the tech space. While not directly connected to the charges against the APT31 members, it’s hard to see any of this in isolation.

The wider canvas is one of worsening relations, primarily between Washington and Beijing, and the direction of travel does not seem to be towards reconciliation on any front in the near future. A global divide between the two power blocs, particularly in the tech space, increasingly seems a likely outcome of this.
