U.K. attributes 2021 cyberattack to China, raises concerns over electoral data breach

The U.K. government has officially attributed a 2021 cyberattack compromising the personal information of millions of U.K. voters to hackers operating under the auspices of the Chinese government. In a statement to lawmakers in Parliament, Deputy Prime Minister Oliver Dowden pointed fingers at China for the data breach at the Electoral Commission.

 

Dowden emphasized the government’s commitment to taking decisive measures against any threats the Chinese government poses to the U.K.’s interests. This announcement marks the first time the United Kingdom has explicitly blamed China for the breach, which was initially disclosed in 2023.

 

The breach, which occurred in 2021 but went undetected until a year later, affected approximately 40 million U.K. citizens, including registered voters from 2014 to 2022 and overseas voters. The Electoral Commission, responsible for managing the U.K. voter register, confirmed the unauthorized access to names and addresses.

 

The U.K. National Cyber Security Centre (NCSC) stated that Chinese hackers likely infiltrated and extracted emails and data from the electoral register during the cyberattack. Concerns were raised regarding the potential use of this data for espionage purposes and repression of dissidents and critics within the U.K.

 

Despite these assertions, when approached by TechCrunch, an NCSC spokesperson refrained from directly attributing the breach to any specific China-backed threat actor. However, the NCSC did mention a separate attempted cyberattack in 2021 targeting the email accounts of U.K. lawmakers, which was thwarted by parliamentary authorities.

 

The NCSC attributed this attempted breach to a Chinese hacking group known as APT31, recognized for targeting online accounts of foreign government officials. APT31 employs sophisticated malware capable of breaching systems and exfiltrating sensitive information. While the specific lawmakers targeted were not disclosed, the NCSC noted that many have been vocal in denouncing China’s malicious activities.

 

In response to these allegations, Liu Pengyu, a spokesperson for the Chinese Embassy in the U.K., denied cyberattack involvement, emphasizing China’s opposition to such activities. However, Pengyu stated that China would employ lawful methods to counter cyber threats.