UK blames China for "malicious" cyber-attack on voter data

The UK on Monday, 25 March accused China state-affiliated cyber organisations of at least two “malicious” and “reprehensible” cyber campaigns targeting Britain's voter data and parliamentarians.

In a statement in the House of Commons, the government revealed that the UK’s National Cyber Security Centre (NCSC), a part of its Government Communications Headquarters (GCHQ), concluded that the country’s Electoral Commission systems were “highly likely” compromised by a Chinese entity between 2021 and 2022.

The NCSC also claims that it is “almost certain” that the China state-affiliated APT31 conducted reconnaissance activity against British parliamentarians during a separate campaign in 2021. All such attacks to interfere with UK democracy and politics are said to have been unsuccessful, but it has led to two individuals and one company linked to APT31 being sanctioned.

“The UK will not tolerate malicious cyber activity targeting our democratic institutions. It is an absolute priority for the UK government to protect our democratic system and values,” said Oliver Dowden, UK Deputy Prime Minister.

“I hope this statement helps to build wider awareness of how politicians and those involved in our democratic processes around the world are being targeted by state-sponsored cyber operations. We will continue to call out this activity, holding the Chinese government accountable for its actions,” he said.

Dowden told the Commons that the malicious cyber activity had not impacted electoral processes or affected the UK electorate's rights or access to the democratic process or electoral registration. The Electoral Commission has since taken steps to secure its systems against similar activity in the future.

“It is completely unacceptable that China state-affiliated organisations and individuals have targeted our democratic institutions and political processes. While these attempts to interfere with UK democracy have not been successful, we will remain vigilant and resilient to the threats we face,” stated Foreign Secretary David Cameron, who said he has raised the issue directly with Chinese Foreign Minister Wang Yi.

“One of the reasons that it is important to make this statement is that other countries should see the detail of threats that our systems and democracies face,” he said.

The majority of the UK parliamentarians targeted include those calling out the malign activity of China, but the Foreign, Commonwealth and Development Office (FCDO) said no parliamentary accounts were successfully compromised.

"It is reprehensible that China sought to target our democratic institutions. China's attempts at espionage did not give them the results they wanted and our new National Security Act has made the UK an even harder target,” said Home Secretary James Cleverly.

“Our upcoming elections, at local and national level, are robust and secure. Democracy and the rule of law is paramount to the United Kingdom. Targeting our elected representatives and electoral processes will never go unchallenged," he said.

The UK’s statement is said to be supported by allies across its Five Eyes alliance, which includes Australia, Canada, New Zealand and the United States. The British government said the international community is calling on the Chinese government to demonstrate its credibility as a responsible cyber actor and welcomed the expression of solidarity from across the Indo-Pacific and Europe.

Through the Defending Democracy Taskforce and National Security Act, the NCSC has also published guidance on its website to help high-risk individuals, including parliamentarians, to bolster their resilience to cyber threats, as well as advice to help organisations improve their security.

The UK's Elections Act 2022 also clarified the offence of undue influence, which it claims better protects voters from improper influences to vote in a particular way or to not vote at all, including activities which deceive an elector about the administration of an election or referendum. These electoral offences fall within the scope of the Online Safety Act’s illegal safety duties, requiring online platforms to swiftly take down such content when they are alerted to it.