The UK government has called out China’s state-affiliated actors for engaging in cyber activities aimed at damaging UK democratic institutions and individuals
The Nation Cyber Security Center (NCSC), a branch of GCHQ, has identified APT31, a cyber actor linked to China, as the likely link behind these actions.
Targeting UK parliamentarians in 2021
According to the NCSC, AP31 conducted online activities targeting the email accounts of UK parliamentarians in 2021. Those targeted were individuals vocal in their criticisms of China’s activities.
A separate incident involving the compromise of computer systems at the UK Electoral Commission between 2021 and 2022 has also been down to a China state-affiliated actor.
It is highly likely that the compromised data, including email contents and Electoral Register information, could be exploited by Chinese intelligence services for various purposes.
The NCSC has issued an updated guidance to support UK institutions’ cyber resilience in response to these threats. Political organisations, including parties and think tanks, are advised to implement security measures such as controls to defend against spear-phishing and Distributed Denial of Service (DDoS) attacks and adopt multi-factor authentication for cloud and internet-connected services.
Prioritising cyber security
Organisations involved in coordinating elections, such as local authorities, are advised to take steps to protect electoral management systems.
This includes implementing robust cybersecurity protocols to safeguard against potential breaches. The NCSC’s Director of Operations, Paul Chichester, emphasised the severity of the situation, labelling the targeting of democratic systems as unacceptable.
NCSC guidance to mitigate cyber attacks
Chichester urged all organisations and individuals involved in democratic processes to prioritise cybersecurity and adhere to the NCSC’s guidance to mitigate the risk of cyber attacks.
Action by Parliament’s Security Department stopped the attempted compromise of parliamentary email accounts, showing the importance of proactive cybersecurity measures.
Steps were taken to remediate and recover from systems compromise at the UK Electoral Commission, with support from the NCSC.
This latest development shows the persistent threat state-affiliated cyber actors face, as highlighted by previous warnings issued by the NCSC.
APT31 was previously linked to the Chinese Ministry of State Security in 2021 following the compromise of Microsoft Exchange Server.
Cybersecurity remains a critical priority for safeguarding democratic institutions and processes. The NCSC’s efforts to raise awareness and provide guidance are essential in strengthening the UK’s cyber defences against other actors.