UK and US Accuse China of Election Hacking
On March 25th, the United Kingdom and the United States formally accused China of cyberattacks on democratic institutions, linking Chinese intelligence services to incidents at the Electoral Commission in 2021 and attempting to hack the accounts of 43 parliamentarians in the same year.
Nonetheless, the Deputy Prime Minister of the United Kingdom, Oliver Dowden, assured that China’s attempts to undermine the elections in the United Kingdom were unsuccessful. He stated that while the compromise of the Electoral Commission’s data is concerning, it does not pose a risk to the individuals affected. The Commission investigated the incident and eliminated the threat from its systems.
It is worth noting that the cyberattack in 2021 led to the data breach of 40 million voters, but it was only made public in August 2023. The UK’s National Cyber Security Centre (NCSC) reported that email data and information from the electoral register were stolen during the incident.
The attack on the Electoral Commission was associated with the ProxyNotShell exploit, which allows for remote code execution on vulnerable Microsoft Exchange servers. The National Cyber Security Centre confirmed that malicious activity was detected and halted before any accounts were compromised.
The attacks on British parliamentarians were linked to the group APT31, also known as Zirconium. Experts have been tracking these hackers since 2015, from their initial attempts to steal confidential data for Beijing’s political, economic, or military advantage.
Dowden also reported that the United Kingdom and the United States imposed sanctions against two members of APT31 and one front organization following what the countries consider an international act of aggression by China. The sanctioned individuals are Zhao Guanzhu and Ni Gaobin—two Chinese nationals from the Wuhan-based science and technology company Xiaoruizhi, a front organization for APT31.
The British Foreign Secretary, David Cameron, called China’s attempts to interfere in the democracy of the United Kingdom “utterly unacceptable,” despite their failure.
The NCSC updated its guidance on protecting democracy with additional details on how political organizations should defend against state-sponsored cyberattacks. Paul Chichester, the Operations Director at NCSC, stated that organizations involved in democratic processes must implement these recommendations to ensure unprecedented security in cyberspace.
