UK and US expose global Chinese hacking plot
The US and UK have exposed a global Chinese hacking plot that targeted White House staff and the state department as well as British MPs and the Electoral Commission.
Washington and London announced sanctions on two individuals and one company linked to APT31, a China state-affiliated group, in response to cyber attacks that “endangered national security”.
The attack on the commission, the UK electoral watchdog, was identified in October 2022, but the hackers had first been able to access the commission’s systems for more than a year since August 2021.
It exposed the personal data of 40 million voters as the commission held the name and address of anyone in the UK who was registered to vote between 2014 and 2022, as well as the names of those registered as overseas voters.
It also emerged that a group of MPs and peers with hawkish views on China had been spied on by Beijing. They were among 43 parliamentary email accounts targeted with malicious tracking links.
Oliver Dowden, the Deputy Prime Minister, told the Commons that any hostile cyber activity directed towards UK parliamentarians was “completely unacceptable” and said the two attacks demonstrated a “clear and persistent pattern of behaviour that signals hostile intent from China”.
But his announcement sparked a backlash among some MPs who felt the sanctions did not go far enough. Sir Iain Duncan Smith, one of the MPs spied on, said his statement was “like an elephant giving birth to a mouse” and called for China to be officially labelled a threat to Britain.
Robert Jenrick, a former minister, called the Government’s response “feeble”, saying: “The Government clearly is not holding China to account for their attack on our democracy. Taking three years to sanction two individuals and a small company is derisory. This feeble response will only embolden China to continue its aggression towards the UK.”
Suella Braverman, a former home secretary, said it was “abundantly clear” that China was a hostile state posing an “unprecedented threat” to national security. She said there was a “compelling case” to add it to the foreign influence registration scheme.
Washington said a “wide range of high-ranking US government officials and their advisers, integral to US national security” had been targeted, including staff at the White House and the Department of State.
The list also featured members of Congress, including both Democrat and Republican senators, the United States Naval Academy and the United States Naval War College’s China Maritime Studies Institute.
The Department of Justice charged seven Chinese nationals connected with APT 31, who it said had “spent approximately 14 years targeting US and foreign critics, businesses and political officials in furtherance of the PRC’s economic espionage and foreign intelligence objectives”.
Announcing the charges, the department said the case revealed China’s “vast illegal hacking operation”, which targeted sensitive data from American journalists, academics and companies as well as government officials.
New Zealand’s government said it had raised concerns on Tuesday with Beijing about its involvement in a state-sponsored cyber hack on its parliament in 2021, which was uncovered by the country’s intelligence services.
Washington announced that it had sanctioned the Wuhan Xiaoruizhi Science and Technology Company Limited (Wuhan XRZ), which it said was a “front company” for the Chinese ministry of state security and had served as cover for multiple malicious cyber operations.
Zhao Guangzong and Ni Gaobin, two Chinese nationals affiliated with Wuhan XRZ, were also designated for their roles in “malicious cyber operations” that were responsible for “directly endangering US national security”.
‘Sophisticated hacking techniques’
The Department of Justice said APT31 was part of a “cyber espionage programme run by the ministry of state security’s Hubei state security department, located in the city of Wuhan”, and that the seven defendants targeted “networks, email accounts, cloud storage accounts and telephone call records, with some surveillance of compromised email accounts lasting many years”.
The group operated by sending more than 10,000 malicious emails to targets, purporting to be from prominent news outlets or journalists. They contained hidden tracking links that, once opened, would reveal the target’s location, IP address and devices to the hackers.
Once the targets had opened the emails, the group used “sophisticated hacking techniques” to gain access to personal data, the department said.
Foreign Office officials said the majority of MPs and peers who were spied on by Beijing were “prominent in calling out the malign activity of China”.
The National Cyber Security Centre (NCSC), part of GCHQ, said Parliament’s security department “identified and successfully mitigated” the cyber attacks “before any accounts could be compromised”.
On Monday, it emerged that Lord Cameron, the Foreign Secretary, has called in Wang Yi, the Chinese foreign minister, for a dressing down over the attacks.
The NCSC will publish new guidance for organisations involved in co-ordinating elections, such as local authorities, which will advise officials on how they can step up the protection of their electoral management systems against cyber hacks.
Earlier on Monday, Sir Iain said China critics would not be “bullied into silence” as he compared the West’s approach toward Beijing with 1930s appeasement.
Britain has been “too passive” towards China’s overseas influence and has “turned a blind eye” to its malign activities, the former Conservative leader said.
He spoke at a press conference in Westminster alongside Tim Loughton, a former minister, and Stewart McDonald, a Scottish National Party MP.
Sir Iain, who has been sanctioned by Beijing, said: “Together with other Members of Parliament, activists and dissidents, we have been subjected to harassment, impersonation, and attempted hacking from China for some time. Neither we, nor other parliamentary colleagues, will be bullied into silence by Beijing.
“For years the behaviour of the Chinese government has gone unchecked. We have been too passive as Beijing’s overseas influence operations have rapidly expanded, turning a blind eye to what the intelligence and security committee termed penetration of ‘every sector of the UK economy’.
“We need to be much stronger and tougher. The lesson we learnt from the 1930s, appeasement never works – if you are strong, and you tell them what is wrong and you tell them you are not going to put up with it, then eventually they will probably back down.
“But if you don’t, they just keep taking advantage of you and that is our biggest problem.”
Chinese embassy: Accusations ‘groundless’
Sir Iain said he found it “incredible” that there was still a debate within the Government over whether or not China will be in the enhanced tier of the foreign influence registration scheme.
“Still, the UK has yet to impose a single sanction upon officials responsible for the destruction of freedoms in Hong Kong, despite the UK being one of the two duty bearers, with China, under the Sino-British Joint Declaration,” he said.
“The United States, by contrast, has sanctioned over 40. We must now enter a new era of relations with China, dealing with the contemporary Chinese Communist Party as it really is, not as we hoped it would become.
“Today’s announcement should mark a watershed moment where the UK takes a stand for values, human rights, and the international rules based system, upon which we all depend.”
The Chinese embassy in London described the accusations of hacking by the UK as “groundless” and “completely unfounded”, saying a “serious démarche” had been issued to British diplomats in response.
“The UK’s hype-up of the so-called ‘Chinese cyber attacks’, without basis, and the announcement of sanctions is outright political manipulation and malicious slander,” it said.
“The UK falsely accused China of attempting to interfere with UK democracy. This is nothing more than a publicity stunt. This is also a typical example of a thief crying ‘catch thief’.”
