China responsible for two 'malicious' cyber attack campaigns in UK, says Dowden

By John Mercury March 26, 2024

China “state-affiliated actors” have been blamed by the government for two “malicious” cyber attack campaigns in the UK.

Making a speech in the Commons, Deputy Prime Minister Oliver Dowden revealed the two incidents involved an attack on the Electoral Commission – responsible for overseeing elections and political finance – in 2021, and targeted attacks against China-sceptic MPs.

He confirmed the Foreign Office would be summoning the Chinese ambassador “to account for China’s conduct in these incidents”, and that the UK, alongside international partners such as the US, would be issuing sanctions.

Mr Dowden told MPs: “The cyber threat posed by China affiliated actors is real and it is serious, but it is more than equalled by our determination and resolve to resist it.

“That is how we defend ourselves and our precious democracy.”

But he faced condemnation from backbench Tories for not going far enough, with former immigration minister Robert Jenrick calling the actions of the UK government “feeble” and “derisory”, and foreign affairs committee chair Alicia Kearns deeming them “sadly insufficient”.

Politics live: PM issues nuclear warning

According to the National Cyber Security Centre, the incident at the commission, discovered in 2022, saw the Electoral Roll compromised, including the names and addresses of tens of millions of voters.

But “reconnaissance activity” in 2021, targeting the accounts of former Tory leader Sir Iain Duncan Smith, former Conservative education minister Tim Loughton, crossbench peer Lord Alton of Liverpool and SNP MP Stewart McDonald was unsuccessful.

Follow Sky News on WhatsApp
Follow Sky News on WhatsApp

Keep up with all the latest news from the UK and around the world by following Sky News

Tap here

The latter of the campaigns was blamed on the APT31 group, also known as Judgement Panda or Zirconium, but a specific entity has not been named for the Electoral Commission attack.

However, the Foreign Office has confirmed it is placing sanctions on a front company, the Wuhan Xiaoruizhi Science and Technology Company, and two actors involved in the operations of APT31, Zhao Guangzong and Ni Gaobin – a move echoed by the US government.

Dowden: Attacks completely unacceptable

Mr Dowden said the two cyber attack campaigns were “completely unacceptable” and demonstrated “a clear and persistent pattern of behaviour that signal signals hostile intent from China”.

He added: “The UK does not accept that China’s relationship with the United Kingdom is set on a predetermined course. But this depends on the choices that China makes.

“That is why the Foreign Office will be summoning the Chinese ambassador to account for China’s conduct in these incidents.

“The UK’s policy towards China is anchored in our core national interests. Where it is consistent with these interests, we will engage with the Chinese government.

“But we will not hesitate to take robust actions wherever the Chinese government threatens the United Kingdom’s interests.”

But in response to the cyber attacks highlighted by the UK government, a Chinese Embassy spokesperson said the accusations were “completely unfounded and constitutes malicious slander”.

They said China had “firmly fought and stopped all kinds of malicious cyber activities” and the UK’s “hype-up of the so-called ‘Chinese cyber attacks’ without basis and the announcement of sanctions is outright political manipulation”.

The spokesperson added: “China has always adhered to the principle of non-interference in each other’s internal affairs. We have no interest or need to meddle in the UK’s internal affairs. Whether the British government is good or bad, the British people will come to a conclusion sooner or later.

“The UK[has] falsely accused China of attempting to interfere with UK democracy. This is nothing more than a publicity stunt. This is also a typical example of a thief crying ‘catch thief’.

“We strongly urge the UK to immediately stop spreading false information about China, stop such self-staged, anti-China farces, and refrain from going further down the wrong path that leads only to failure.”

Please use Chrome browser for a more accessible video player

UK needs to ‘wake up’ to China

Those MPs targeted by the attacks – all members of the Inter-Parliamentary Alliance on China (IPAC) who probe Beijing’s activities – were briefed by parliament’s director of security on Monday.

‘MPs will not be bullied into silence by Beijing’

Speaking at a press conference afterwards, Sir Iain said the group had been “subjected to harassment, impersonation and attempted hacking from China for some time”, but insisted MPs would not be “bullied into silence by Beijing”.

He called for a “watershed moment” from the government that would see the UK “take a stand for values of human rights and the international rules-based system on which we all depend”.

Please use Chrome browser for a more accessible video player

‘We won’t be bullied into silence by China’

However, speaking in the Commons after Mr Dowden’s statement, Sir Iain described his words as “like an elephant giving birth to a mouse”, as he called for further sanctions on China – especially over its actions in Hong Kong – and for the country to be defined as a “threat”.

Speaking to Sky News’ Politics Hub With Sophy Ridge, another targeted MP, Mr Loughton, said he felt “let down” by the government’s actions, saying while they had sanctioned just two people linked to the attacks, the US had sanctioned 46.

“[The actions of China] requires Western democracies like the United Kingdom to stand up to this, to call them out, to face up to them, and for us to say there are consequences of this and for China to be convinced that those consequences will be carried out,” he said.

“And frankly, just sanctioning two lowly officials and a small private company are not very consequential. And that, I think, is why we’re so underwhelmed today. Frankly, the government’s got to ramp up its response to this. This is serious stuff.”

Foreign Secretary Lord Cameron has briefed the 1922 Committee of backbench Conservative MPs on the measures, a number of whom have now publicly called for more robust action to be taken against China as a result of the cyber attacks.

Speaking to broadcasters afterwards, Mr Dowden addressed his critics by saying: “I would say this isn’t the end of the story. We will continue to take the necessary and proportionate steps to protect our democratic institutions.”

A clear reminder the cyber threat is constant

Tom Clarke

Science and technology editor


The fact China is attempting to spy on the UK and others online should come as no surprise.

This latest announcement from government is more of reminder that the activity is constant, and increasingly sophisticated.

The UK’s National Cyber Security Centre has now implicated a Chinese-backed hacking group APT31 of attempting to target a group of MPs.

There’s a clue in the name: Advanced Persistent Threat is cybersecurity speak for groups usually backed by governments.

A long list From APT16 to APT 41 are hacking groups each with their own techniques and target areas suspected of being run by the Chinese state.

It’s suggested APT 31 used “spear phishing” to attempt to spy on members of the Inter Parliamentary Alliance on China. The same as phishing – in which a malicious file, usually typically embedded in an innocent-looking link in a email – spear phishing is targeted at a specific individual or group.

We have less information on the hack of the Electoral Commission back in 2021, which has now also been attributed to China. In this instance the hackers are believed to have had persistent access to the Electoral Commission’s systems for months.

In response, the NCSC has updated guidance for political organisations and other institutions who could be at threat from such attacks, including updated guidance on sophisticated threat called “living off the land”.

This is a type of “fileless” attack that exploits native code used to manage server networks operated by large providers like Microsoft. Via an intrusion like a phishing attack, malicious code, disguised to look normal, is inserted straight into the target system’s operating instructions bypassing virus scanning software.

The danger of this type of attack is that it’s hard for online security teams to spot that an intrusion has happened, or to monitor the activity of hackers. Without very vigilant cybersecurity, hacks like this have been found to have persisted for long periods of time.

Last year Microsoft announced a “living off the land” attack by Chinese-backed hacker group Volt Typhoon had been used to infiltrate US utilities and critical infrastructure companies from 2021 onwards.

It is the latest incident to highlight growing pressure on Prime Minister Rishi Sunak from within his own party to take a tougher stance on China, having so far refused to brand the country a threat.

During Lord Cameron’s tenure in Number 10, relations with Beijing grew stronger in what the former prime minister dubbed as the “golden age” between the two countries.

But since then, parliament’s Intelligence and Security Committee has accused China of “aggressively” targeting the UK, and its technology has been removed from a number of key infrastructure projects.

Speaking to Sky News, the former British governor of Hong Kong, Lord Patten, said: “We must be grateful the government has done something about it now.

“But it is, as slaps on the wrist go, it isn’t terribly firm and I just hope it will be the beginning of a less delusional approach to China.”

Speaking ahead of Mr Dowden’s statement, the prime minister said: “We’ve been very clear that the situation now is that China is behaving in an increasingly assertive way abroad, authoritarian at home and it represents an epoch-defining challenge, and also the greatest state-based threat to our economic security.

“So, it’s right that we take measures to protect ourselves, which is what we are doing.”

A Downing Street source also told Sky News Mr Sunak had “always had a robust position on China”, but it would “not be a sensible thing to do” to “cut all links” with Beijing, and instead the government took a “eyes wide open approach” to its activities.


Leave a Reply

Leave a Reply

Your email address will not be published. Required fields are marked *