APT31, a China state-affiliated actor, was almost certainly responsible for targeting UK parliamentarians’ emails in 2021.
The UK government has called out China state-affiliated actors today (Monday) for malicious cyber activity targeting UK institutions and individuals important to our democracy.
The National Cyber Security Centre – a part of GCHQ – assesses that the China state-affiliated cyber actor APT31 was almost certainly responsible for conducting online reconnaissance activity in 2021 against the email accounts of UK parliamentarians, most of whom have been prominent in calling out the malign activity of China.
Separately, the compromise of computer systems at the UK Electoral Commission between 2021 and 2022 has also been attributed to a China state-affiliated actor. The NCSC assesses it is highly likely the threat actors accessed and exfiltrated email data, and data from the Electoral Register during this time.
The data, in combination with other data sources, would highly likely be used by the Chinese intelligence services for a range of purposes, including large-scale espionage and transnational repression of perceived dissidents and critics in the UK.
To help bolster the UK’s cyber resilience, the NCSC has today published updated guidance in its Defending Democracy collection for political organizations – such as parties and think tanks – and organizations coordinating the delivery of elections, with advice on reducing the likelihood of cyber attacks.
Paul Chichester, NCSC Director of Operations, said:
“The malicious activities we have exposed today indicate a wider pattern of unacceptable behavior from China state-affiliated actors against the UK and worldwide.
“The targeting of our democratic system is unacceptable, and the NCSC will continue to call out cyber actors who threaten the institutions and values that underpin our society.
“It is vital that organizations and individuals involved in our democratic processes defend themselves in cyberspace. I urge them to follow and implement the NCSC’s advice to stay safe online.”
The cyber campaign against the parliamentary email accounts of members across both Houses of Parliament was identified and successfully mitigated by Parliament’s Security Department before any accounts could be compromised.
The compromise of systems at the UK Electoral Commission was made public last year after steps had been taken to remediate and recover, with support from the NCSC.
The publication of new Defending Democracy guidance follows the release of fresh advice for high-risk individuals published in December.
The newly issued guidance for political organizations offers advice to help IT practitioners implement security measures that will help prevent common cyber attacks. These include putting controls in place to defend against spear-phishing and DDoS attacks and setting up multi-factor authentication on cloud- and internet-connected services.
Meanwhile, the guidance for organizations involved in coordinating elections, such as local authorities, advises protecting electoral management systems.
The NCSC has previously warned about the threat from China state-linked cyber capabilities, including from APT31, which was linked to the Chinese Ministry of State Security in 2021 following the compromise of Microsoft Exchange Server.
More recently, the NCSC has warned about China state-sponsored actors using living-off-the-land techniques to evade detection on compromised critical infrastructure networks.