UK Calling out China State-Affiliated Actors for Targeted Cyberattacks of UK Democratic Institutions

The UK government has publicly accused China-affiliated cyber actors of conducting targeted cyberattacks against British democratic institutions. The National Cyber Security Centre (NCSC), a division of GCHQ, has attributed these attacks to APT31, a group with ties to the Chinese state. Specifically, the NCSC has identified APT31 as the likely perpetrator behind the attempted infiltration of UK parliamentarians' email accounts in 2021. Additionally, the compromise of systems at the UK Electoral Commission between 2021 and 2022 has also been attributed to a China state-affiliated actor.

According to the NCSC, these cyber intrusions pose a significant threat to the integrity of UK democracy. The compromised data, which may include email correspondence and information from the Electoral Register, could be exploited by Chinese intelligence services for espionage purposes or to suppress dissent within the UK.

To combat these threats and enhance cyber resilience, the NCSC has issued updated guidance aimed at political organizations, such as parties and think tanks, as well as entities involved in election coordination. This guidance emphasizes the implementation of security measures such as defenses against spear-phishing and DDoS attacks, as well as the adoption of multi-factor authentication for cloud and internet-connected services.

Paul Chichester, NCSC's Director of Operations, condemned the malicious activities attributed to China-affiliated actors and stressed the importance of defending democratic institutions against cyber threats. He urged organizations and individuals involved in democratic processes to adhere to the NCSC's guidance to safeguard against future attacks.

While the cyber campaign against parliamentary email accounts was identified and mitigated before any accounts were compromised, the compromise of systems at the Electoral Commission was disclosed publicly last year after remediation efforts were undertaken with support from the NCSC.

The NCSC's publication of updated guidance follows previous warnings about the threat posed by China-linked cyber capabilities, including APT31's involvement in the compromise of Microsoft Exchange Server in 2021. Additionally, the NCSC has cautioned about China state-sponsored actors utilizing sophisticated techniques to evade detection on critical infrastructure networks.