The UK's deputy prime minister, Oliver Dowden, says China has been unsuccessful in its attempts to undermine UK elections.

It comes as the UK and US tpday formally called out China's aggression in cyberspace, pinning its state-sponsored attackers to incidents at the Electoral Commission in 2021 and attempts to target 43 parliamentarians in the same year.

"I want to reassure people that the compromise of this information, while it is obviously concerning, typically does not create a risk to those affected, and I want to further reassure the House that the Commission has worked with security specialists to investigate the incident and remove the threat from their system," he said. "The Commission has since taken further steps to increase the resilience of their systems."

The 2021 cyberattack on the Electoral Commission saw 40 million voters' data exposed but was only publicized in August 2023. The UK's National Cyber Security Centre (NCSC) said today that email data and information from the Electoral Register was stolen during the incident.

"The data, in combination with other data sources, would highly likely be used by the Chinese intelligence services for a range of purposes, including large-scale espionage and transnational repression of perceived dissidents and critics in the UK," it added.

The attack on the Electoral Commission was linked by security experts at the time to ProxyNotShell - an exploit chain that allowed for remote code execution on vulnerable Microsoft Exchange servers.

However, Dowden confirmed to Members of Parliament today that the attack did not affect the security of UK elections, nor will it have an impact on the way Britons participate in elections he assured.

"It is completely unacceptable that China state-affiliated organizations and individuals have targeted our democratic institutions and political processes," said Foreign Secretary Lord Cameron. "While these attempts to interfere with UK democracy have not been successful, we will remain vigilant and resilient to the threats we face."

Separately, UK parliamentarians - many of whom are known for their criticism of Beijing - had their email accounts targeted by a China state-linked group in 2021.

Around 43 current and former MPs and House of Lords peers, including members of the Inter-Parliamentary Alliance on China (IPAC), are thought to be subjects of these reconnaissance operations. According to the US, every single European Union member of IPAC was also targeted.

Former Conservative leader Sir Iain Duncan Smith, former MP Tim Loughton, Lord Alton of Liverpool, and Stewart McDonald are among those to be briefed by Alison Giles, Parliament's head of security, today.

Cameron is also poised to brief the 1922 Committee, the parliamentary group for the Conservative Party, about the developments this evening.

Britain's National Cyber Security Centre (NCSC) said that although members of both Houses of Parliament were targeted, the malicious activity was detected by Parliament's security and shut down before any of their accounts were compromised.

APT31, aka Zirconium, was the specific group tied to the attacks on UK parliamentarians.

Cybersecurity experts have tracked Zirconium since at least 2015 and the espionage group is known for targeting governments, with a view to acquire information that could offer Beijing a political, economic, or military advantage, Mandiant says.

Microsoft's tracking of APT31 in 2020 led to the discovery of thousands of attacks across the year that resulted in nearly 150 compromises. The group was known for targeting those close to US presidential campaigns, including the email addresses of Biden campaign staffers and a prominent individual associated with the Trump campaign.

The NCSC has now updated its Defending Democracy guidance for political organizations, with additional detail on how they can protect their systems and people from state-aligned cyberattacks.

"The malicious activities we have exposed today are indicative of a wider pattern of unacceptable behavior we are seeing from China state-affiliated actors against the UK and around the world," said Paul Chichester, director of operations at the NCSC.

"The targeting of our democratic system is unacceptable and the NCSC will continue to call out cyber actors who pose a threat to the institutions and values that underpin our society.

"It is vital that organizations and individuals involved in our democratic processes defend themselves in cyberspace and I urge them to follow and implement the NCSC's advice to stay safe online."

Sanctions land

Dowden said the UK and US have both sanctioned two members of APT31, and one front organization, following what is seen as an international act of aggression on China's part.

Zhao Guangzong and Ni Gaobin are the two Chinese nationals from the Wuhan Xiaoruizhi Science and Technology Company - the front organization for APT31. 

They are also among seven that have been indicted [PDF] by the US for computer intrusion and wire fraud conspiracies, and have allegedly been active for 14 years.

"Over 10,000 malicious emails, impacting thousands of victims, across multiple continents. As alleged in today's indictment, this prolific global hacking operation - backed by the PRC government - targeted journalists, political officials, and companies to repress critics of the Chinese regime, compromise government institutions, and steal trade secrets," said deputy attorney general Lisa Monaco. 

"The Department of Justice will relentlessly pursue, expose, and hold accountable cyber criminals who would undermine democracies and threaten our national security."

Continued threat

China is among the four main adversaries to the UK and US in cyberspace, with the other three being Russia, Iran, and North Korea.

While it has demonstrated its capability in all manner of cyberattacks, China is typically known for conducting espionage campaigns against high-value targets in the West. These span government, manufacturing, academia, tech, telecoms, and more - anything that can give it an edge in a priority sector.

Warnings from security agencies are issued regularly about the nation's intent in cyberspace, complete with intel on how to detect their activities.

More recently, China's Volt Typhoon group attracted the attention of authorities after it compromised the networks of multiple critical infrastructure networks in the US.

The attacks were particularly noteworthy given that they deviated from China's usual espionage activities and instead appeared to be laying the groundwork for destructive attacks in the future.

Perhaps the UK's most prominent campaign highlighting the threat presented by China, at least in recent times, was when it decided to oust Huawei from the 5G infrastructure network.

It came following NCSC guidance that the security of Huawei's kit could no longer be managed due to the sweeping US sanctions against the company and ZTE. It's also pretty well understood that the US has pressured the UK into joining its hardline stance on Huawei ever since those sanctions came into force in 2019.

There are, of course, concerns that Chinese law would require any organization to comply with any government request to hand over sensitive data if served an order by Beijing. 

It was one of the arguments made in the recent proposed ban of TikTok in the US, although China has repeatedly denied this to be the case and says it is the result of a misinterpretation of that law.

The likes of Huawei and TikTok have also both denied ever complying with any such orders from the Chinese government.

The threat from China-backed espionage efforts is also not confined to cyberspace. There was the famous case last year of parliamentary aide Chris Cash being arrested under the Official Secrets Act amid claims that he was spying for China - claims he denied.

Cash was an important figure in government, was close to security minister Tom Tugenhdhat, and worked as a liaison for the China Research Group - a committee tasked with thinking about how to deal with the threat of China to the UK.

Lawyer Christine Lee was also designated as an individual who had engaged in "political interference activities" aligned to China by MI5 in 2022. She worked with MP Barry Gardiner, donated large sums to him, and her son worked in his office.

The government has been criticized for its handling of the threat posed by China. A report [PDF] from Parliament's Intelligence and Security Committee last year branded the UK's approach "completely inadequate" and one that has allowed China to "successfully penetrate every sector of the UK's economy." ®

https://www.theregister.com//2024/03/26/uk_elections_are_unaffected_by/