Chinese Communist Party Sponsored Hackers Stole 40 Million Voter Records From British Electoral Commission’s Computer Systems

The United Kingdom, a NATO member, has accused China of a major cyber hack targeting British parliamentarians and voter data.

“It is almost certain that the China state-affiliated Advanced Persistent Threat Group 31 (APT31) conducted reconnaissance activity against UK parliamentarians during a separate campaign in 2021,” the U.K. government’s statement on the hack said on Monday. “The majority of those targeted were prominent in calling out the malign activity of China. No parliamentary accounts were successfully compromised.”

The accusations involve attempts to access sensitive information about MPs critical of Beijing and data on potentially 40 million voters.

The revelation comes as China’s hacking activity has been under scrutiny in recent weeks. Last month, documents were leaked on the open-source software development platform GitHub, revealing the inner functioning of a private security contractor, I-Soon (Auxun in Mandarin). The leaked documents established the connection between the company and China’s top spy agency.

The U.K.’s official allegations coincide with the United States imposing sanctions on Chinese hackers for targeting civilian infrastructure.

The U.K.’s National Cyber Security Centre (NCSC), a branch of the Government Communications Headquarters (GCHQ), has identified that the U.K. Electoral Commission’s systems were likely compromised by a Chinese state-affiliated entity between 2021 and 2022.

In response, the U.K. has imposed sanctions on two Chinese nationals, Zhao Guangzong and Ni Gaobin, and the Wuhan Xiaoruizhi Science and Technology Company Ltd.

“Zhao Guangzong, who is a member of APT31, operating on behalf of the Chinese Ministry of State Security (MSS)…has engaged in cyber activities targeting officials, government entities, and parliamentarians in the UK and internationally,” the U.K.’s statement said directly blaming China’s top spy agency.

Deputy Prime Minister Oliver Dowden emphasized that the U.K. would not tolerate malicious cyber activities. The sanctions include asset freezes and travel bans. Wuhan Xiaoruizhi Science and Technology Company Ltd has been banned from conducting business in the U.K.

“We will continue to call out this activity, holding the Chinese government accountable for its actions,” Dowden said on Monday.

The Chinese Embassy in the U.K. has called the official allegations “sinister.”

“The UK’s hype-up of the so-called ‘Chinese cyber attacks’ without basis and the announcement of sanctions is outright political manipulation and malicious slander,” the embassy said in a statement on Monday.

U.K. Foreign Secretary David Cameron raised the issue of hacking with the Chinese government at the highest level.

“I raised this directly with Chinese Foreign Minister Wang Yi, and we have today sanctioned two individuals and one entity involved with the China state-affiliated group responsible for targeting our parliamentarians,” David Cameron said on X, formerly Twitter, on Monday.

“It is completely unacceptable that China state-affiliated organizations and individuals have targeted our democratic institutions and political processes,” Cameron added on X.

The Chinese foreign ministry has called the U.K. government’s action “illegal.”

“We hope relevant parties will stop spreading disinformation, take a responsible attitude and jointly safeguard peace and security in cyberspace. China opposes illegal and unilateral sanctions and will firmly safeguard its lawful rights and interests,” said Lin Jian, the Chinese foreign ministry spokesperson, during a daily press briefing on Monday.

On Monday, the Joe Biden administration announced criminal indictments and sanctions against multiple Chinese hackers for conducting extensive hacks against U.S. companies and government officials on behalf of China’s civilian intelligence service.

“Seven Chinese men were indicted in U.S. federal court in the Eastern District of New York and accused of being part of a years-long hacking effort that resulted in the ‘confirmed and potential compromise’ of data belonging to millions of Americans,” CNN reported.

This data, according to the indictment, could potentially be used to undermine U.S. democratic institutions. The targeted sectors include critical infrastructure such as defense contractors and the U.S. Treasury Department, underscoring the major threat these operations pose to national security, CNN reported.

The U.S. Treasury Department announced sanctions against two of the men indicted, and the State Department announced a reward of up to $10 million for information about the seven men.

© 2024, GDC. © GDC and Unauthorized use and/or duplication of this material without express and written permission from this site’s author and/or owner is strictly prohibited. Excerpts and links may be used, provided that full and clear credit is given to with appropriate and specific direction to the original content.

Be the first to comment

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.