China’s 2021 attack on the UK electoral commision has no bearing on future elections says deputy PM

The UK's deputy prime minister, Oliver Dowden, has come out to reassure the public that despite China’s alleged plans to undermine elections, the electoral commission has stepped up to ensure integrity is maintained.

This comes after the US and UK governments called out China last week for its engagement in cyber espionage through state-sponsored hackers. The two government believe China was behind the 2021 attacks on the UK Electoral Commission and the targeting of 43 parliamentarians later in the same year.

"I want to reassure people that the compromise of this information, while it is obviously concerning, typically does not create a risk to those affected, and I want to further reassure the House that the Commission has worked with security specialists to investigate the incident and remove the threat from their system," Dowden said. "The Commission has since taken further steps to increase the resilience of their systems."

Surprisingly details of the attack did not come to light until August 2023 when it was revealed that the data of 40 million voters was compromised. Last week the UK's National Cyber Security Centre (NCSC) added that email data and information from the Electoral Register was also stolen in the incident.

While the stolen data may have no bearing on the elections, the NCSC believes Chinese Intelligence Services can still use it for “a range of purposes, including large-scale espionage and transnational repression of perceived dissidents and critics in the UK.”

Weighing in on the issue, Foreign Secretary Lord Cameron castigated the Chinese action and called for vigilance dealing with these attempted attacks on democracy.

"It is completely unacceptable that China state-affiliated organizations and individuals have targeted our democratic institutions and political processes. While these attempts to interfere with UK democracy have not been successful, we will remain vigilant and resilient to the threats we face," he said.

Experts investigating the incidents have attributed the attack on the 43 parliamentarians to APT31, aka Zirconium. According to Mandiant, the group has been active since 2015 and has been heavily involved in targeting governments in an attempt to gain data that would offer Beijing a political, economic, or military advantage.

During the previous US elections, the group launched attacks on the presidential campaigns, including the email addresses of Biden campaign staffers and a prominent individual associated with the Trump campaign.

The NCSC has now updated its Defending Democracy guidance for political organizations adding provisons on how they can protect their systems and people from state-aligned cyberattacks.

"The malicious activities we have exposed today are indicative of a wider pattern of unacceptable behavior we are seeing from China state-affiliated actors against the UK and around the world," said Paul Chichester, director of operations at the NCSC.

"The targeting of our democratic system is unacceptable and the NCSC will continue to call out cyber actors who pose a threat to the institutions and values that underpin our society. It is vital that organizations and individuals involved in our democratic processes defend themselves in cyberspace and I urge them to follow and implement the NCSC's advice to stay safe online," he concluded.