News emerged from the UK government today that Chinese groups have been accused of launching a series of attacks, in one instance against the Electoral Commission, potentially accessing the personal details of millions of voters. A rumoured 40 million victims could be affected.
The UK’s Deputy Prime Minister Oliver Dowden, who delivered the statement in Westminster earlier this afternoon, insisted that UK political institutions “have not been harmed by these attacks,” and said the UK government condemns “in the strongest terms” the threatening behaviours by China, and that preventative action will be taken.
So what were these attacks? Dowden pointed at the attempted hit (or potentially multiple hits) on the UK Electoral Commission between 2021 and 2022, as well as at China having ‘conducted reconnaissance activity’ against parliamentarians in 2021. In the first instance, the attackers apparently did not succeed, but it does make me wonder if MPs were specifically targeted.
The gains from successfully targeting and compromising such a politician could provide quite the reward for a clever hacker. Compromise could mean access to internal networks in the UK Parliament, opportunities for email spoofing and even connections to the top government ministers.
The Deputy PM says it’s “almost certain” that the China state-affiliated APT 31 group “conducted reconnaissance activity” against UK parliamentarians during a separate campaign in 2021.
APT 31 has reportedly targeted government in the past, as well as financial services organisations, high tech, construction and engineering, telecommunications, media, and insurance, and is named by Mandiant as a “China-nexus cyber espionage actor focused on obtaining information that can provide the Chinese government and state-owned enterprises with political, economic, and military advantages.”
Mandiant also says APT 31 “has exploited vulnerabilities in applications such as Java and Adobe Flash to compromise victim environments.” Let’s hope no MPs received and opened a suspicious attachment in the past few years.
What are the immediate takeaways from this? Firstly, that government is talking about cybersecurity, and making firm judgements on who is responsible. It may not come as any surprise that China is still being named as a perpetrator of major attacks; even CISA names the PRC (along with Russia and North Korea) as ‘nation-state adversaries’, who ‘are known for their Advanced Persistent Threat (APT) activity.’
Secondly, that there have been reported attacks on the UK’s electoral roll. I’m in no doubt that this has been targeted before, but typically attackers go for money or intellectual property. What use is a list of people’s names to a nation? Well, actually, it could be very useful if it is for nefarious purposes and contains live email addresses among those personal details.
Thirdly, that MPs are being deliberately targeted. What is interesting here is that MPs’ email addresses appear on several websites so that people (including constituents) can contact them. We know these emails often go to the MP’s staff and secretaries, but are they suspicious of emails and rogue attachments?
Fourthly, we’re still pointing the finger at APT groups: nation-state and affiliated attacker groups. They go after major industry verticals, go after money and IP, and generally operate either for or in ideological support of nations. It’s some 11 years since I first learned about APT1, also based out of China, and since then the number of identified nation-state attackers has continued to increase.
Fifth and finally, what happens next? Is this going to be a case of mud slinging and naming and shaming by the UK government, and nothing happens until the next attribution? Hard to say, but Prime Minister Rishi Sunak called China “the greatest state-based challenge to our national security” and said “it is right we take steps to protect ourselves.” What are those steps exactly?
China has responded with a message on its UK Embassy website, calling the accusations of “so-called cyber attacks” “completely fabricated and malicious slanders” and saying that it strongly opposes such accusations. A spokesperson said: “We urge the relevant parties in the UK to stop spreading false information and stop their self-staged, anti-China political farce.”
It’s always positive to see national leaders discuss cybersecurity issues and take the matters to the nation, and ensure those affected are identified and protected. I just hope that the story doesn’t end with a statement.