UK imposes sanctions for China-backed cyberattack on electoral register

The UK government has imposed sanctions on two Chinese nationals and a company after accusing China state-backed actors of orchestrating cyberattacks against the country’s electoral commission between August 2021 and October 2022, and attempting to breach the cybersecurity of members of parliament (MPs) critical of the Chinese state.

Deputy UK Prime Minister Oliver Dowden said the Electoral Commission’s registers holding the names and addresses of all registered voters – potentially 40 million records – were accessed, as well as emails between election officials during six by-elections. While he said the security of registered voters and the outcome of elections had not been compromised, Dowden warned: “The UK will not tolerate malicious cyber activity. It is an absolute priority for the UK government to protect our democratic system.”

MP members of the Inter-Parliamentary Alliance on China were also targeted in the cyber campaigns. Former leader of the Conservative Party Iain Duncan Smith, a member of the alliance, called for the UK government to go further in its actions against China, including designating the state as a threat and imposing more sanctions against Chinese government actors.

Dowden said the UK stands with international allies to identify and oppose “ongoing patterns of hostile activity” directed by the Chinese state, in particular impacting democratic election systems.

The US is pressing criminal charges of conspiracy against the same two individuals, Zhao Guangzong and Ni Gaobin, sanctioned by the UK, as well as five others. The company sanctioned by the UK was Wuhan Xiaoruizhi Science and Technology Company Ltd, which the UK said works for cyber espionage group Advanced Persistent Threat Group APT40. New Zealand has named APT40 as responsible for hacking its parliamentary network in 2021.

China’s embassy in the UK denied the allegations as “completely unfounded” and “malicious slander”. It added: “We have no interest or need to meddle in the UK’s internal affairs.”

The UK Electoral Commission said the government’s attribution of the “complex” cyberattack, identified in October 2022, to a China state-affiliated actor “demonstrates the international threats facing the UK’s democratic process and its institutions”.

Chair of the Electoral Commission John Pullinger said: “In a year of significant electoral events, we remain vigilant to the risks facing our electoral process, and will continue to work with the UK’s governments and the wider electoral community to safeguard the safety of the system.”

He added that the agency has since improved security.

“The cyberattack has not had an impact on the security of UK elections. The UK’s democratic processes and systems are widely dispersed and their resilience has been strengthened since the attack. Voters have, and should continue to have, high trust in the process of voting,” Pullinger said.

Back to top button