November 9, 2024
U.S. and Britain accuse China-linked hackers of ‘malicious’ cyber campaigns, announce sanctions
The U.S. and U.K. on Monday accused Chinese state-affiliated hackers of being behind cyber campaigns targeting political figures.

BeeBright | Getty Images

LONDON — The U.S. and U.K. on Monday accused hackers linked to the Chinese state of being behind “malicious” cyber campaigns targeting political figures, in moves expected to stoke tensions with Beijing.

The British government also alleged that China-affiliated hackers were behind an attack that saw the data of millions of voters accessed.

“I can confirm today that Chinese state-affiliated actors were responsible for two malicious cyber campaigns targeting our democratic institutions and parliamentarians,” British Deputy Prime Minister Oliver Dowden said in a speech to Parliament on Monday.

Dowden attributed a hack on the Electoral Commission, the independent agency tasked with setting standards for how U.K. elections should be run, to a China state-affiliated actor. The campaigns were said to have taken place between 2021 and 2022.

The attack was identified by the Electoral Commission in October 2022, but wasn’t disclosed until last year. Hackers accessed the names and addresses of anyone in Britain registered to vote between 2014 and 2022, the Electoral Commission said in a 2023 public notice.

A spokesperson for the Chinese Embassy in the U.K. said allegations of China being behind cyberattacks in the U.K. were “completely fabricated and malicious slanders.”

“We strongly oppose such accusations,” the Chinese Embassy spokesperson told reporters at a press briefing Monday, according to an update that was posted on its website. “China has always firmly fought all forms of cyber attacks according to law.”

‘A clear pattern’

Dowden said the U.K. believes China to be behind attempted reconnaissance on the email accounts of U.K. lawmakers in the summer of 2021. He accused the Chinese hacking group APT31 of being behind this attack.

Cybersecurity firm Mandiant, which is owned by Google, describes APT31 as a “China-nexus cyber espionage actor focused on obtaining information that can provide the Chinese government and state-owned enterprises with political, economic, and military advantages.”

Dowden added that attempts to compromise the email accounts of U.K. lawmakers were however “unsuccessful.”

“We want now to be as open as possible with the House and the British public,” Dowden said. “This is the latest in a clear pattern of hostile activity originating in China.”

Dowden said the U.K. had sanctioned two individuals residing within China, as well as an entity affiliated with APT31.

U.S. hits out at China

Separately, the U.S. Justice Department unsealed an indictment Monday accusing Chinese state-linked hackers of being behind cyber campaigns targeting U.S. businesses, government officials and politicians.

The DOJ charged seven Chinese nationals, Ni Gaobin; Weng Ming; Cheng Feng; Peng Yaowen; Sun Xiaohui; Xiong Wang; and Zhao Guangzong, with conspiracy to commit computer intrusions and conspiracy to commit wire fraud for involvement in a China-based hacking group that spent 14 years targeting U.S. and foreign critics, businesses and political officials.

These individuals operated as part of the APT31 hacking group, the DOJ said.

“The Justice Department will not tolerate efforts by the Chinese government to intimidate Americans who serve the public, silence the dissidents who are protected by American laws, or steal from American businesses,” Attorney General Merrick B. Garland said in a statement Monday.

“This case serves as a reminder of the ends to which the Chinese government is willing to go to target and intimidate its critics, including launching malicious cyber operations aimed at threatening the national security of the United States and our allies,” Garland added.

Geopolitical tensions

The announcements from the U.K. and U.S. are likely to draw the ire of Beijing.

Relations between the U.K. and China have soured over the years, particularly on the tech front, following actions from the British government designed to stem national security risks from Chinese technology companies.

“The impact of such a breach on UK-Sino relations could be profound,” Javvad Malik, lead security awareness advocate at cybersecurity firm KnowBe4, told CNBC on Monday via email.

“It’s likely to escalate tensions, leading to diplomatic strain and potentially resulting in retaliatory actions in the cyber domain or other areas of bilateral cooperation.”

Malik added that the situation “necessitates a robust response not only in terms of securing compromised systems and preventing further breaches but also in reinforcing the international legal and norms-based systems governing state behavior in cyberspace.”

“To mitigate the aftermath and prevent future incidents, it’s crucial for nations to invest in stronger cybersecurity defenses, international collaboration, and developing capabilities to deter adversaries in the cyberspace domain,” he said.

Some hawkish lawmakers have been pressuring the U.K. government to take tougher action on China.

The Inter-Parliamentary Alliance on China, a cross-border group of lawmakers seeking to reform policy on China, said Monday in a post on social media platform X that they, along with other members of Parliament, activists and dissidents, have been “subjected to harassment, impersonation, and attempted hacking from China for some time.”

“We take this opportunity to highlight that, though extremely unwelcome, our discomfort pales in comparison to Chinese dissidents who risk their lives to oppose the Chinese Communist Party. It is high time that they received greater support for their host governments,” the group said.

In 2020, for example, the U.K. government banned telecommunications equipment from Huawei in its 5G mobile network, citing spying concerns. Huawei, for its part, denies the allegations and says it wouldn’t cooperate with China to spy on Western communications.

Relations between the U.S. and China have also been under significant pressure. U.S. lawmakers recently approved a controversial bill that could lead to TikTok being blocked in the U.S. if it doesn’t break with its Chinese parent ByteDance.

If the bill becomes law, TikTok would have a little less than six months to divest from ByteDance, or be banned from apps and webhosting sites in the U.S.