China blamed for UK voter data hack that stole details of 40 million people

(Image credit: Shutterstock)

The UK government has formally accused China of stealing UK voter data in an attack that took place in August 2021.

The Electoral Commission (EC) suffered a breach after “hostile actors” stole copies of electoral registers. The EC states that the attack had no effect on elections or individuals' electoral registration status, despite the details of up to 40 million UK citizens being stolen.

Deputy Prime Minister Oliver Dowden has laid the blame squarely on Beijing-backed hacker group APT31 when he addressed Parliament, according to BBC News.

Attacks and interference expected to increase as election looms

In Downden’s address to parliament, the deputy prime minister linked the EC attack to a wider threat perpetrated by state-backed groups.

Other western nations, including New Zealand, have laid out their concerns. German politicians recently suffered a number of high profile phishing attacks linked to Russian-sponsored groups.

Two individuals, Zhao Guangzong and Ni Gaobin, and one company, Wuhan Xiaoruizhi Science and Technology Company Ltd, have been sanctioned in the UK as part of the government's response to the attack by APT31. UK registered companies will no longer handle their funds or assets, and the individuals will be banned from entering the UK.

"APT31 has a history of targeting politicians in the US and Europe. They have gone after political campaigns, parliamentarians, and other targets for insights into the landscape," said John Hultquist, Chief Analyst, Mandiant Intelligence - Google Cloud. "As we’ve seen in previous election cycles, actors like APT31 turn to political organizations to find the geopolitical intelligence that they're tasked with collecting."

"Politicians, parties, and elections organizations are rich sources of intelligence that offer collectors everything from rare geopolitical insights to enormous troves of data," Hultquist continued. "These are all serious incidents, but this information, once stolen, is not necessarily destined to be used in active interference like previous hack and leak operations by Russian actors."

A number of members of the UK Parliament have been targeted in China-linked cyber attacks, with many of them being members of the Inter-Parliamentary Alliance on China - a body that regularly criticizes the policies and activities of China.

"Stop spreading false information and take a responsible attitude to jointly maintain peace and security in cyberspace,” was the response from Lin Jian, China’s foreign ministry spokesperson, as he addressed the potential involvement of Beijing further stating that the government does not tolerate malicious cyber activities.

The UK is expected to hold a general election in the second half of 2024, and there is trepidation that malicious actors could seek to influence or disrupt the outcome through misinformation campaigns and cyber attacks.

Several key public institutions, including the MoD, have critical cybersecurity flaws and are increasingly ineffective in responding to breaches and vulnerability exploitation.

The US has also charged several Chinese nationals for participating in a hacking scandal that has been ongoing for 14 years and may have affected millions of Americans.

More from TechRadar Pro

Benedict Collins
Staff Writer (Security)

Benedict Collins is a Staff Writer at TechRadar Pro covering privacy and security. Benedict is mainly focused on security issues such as phishing, malware, and cyber criminal activity, but also likes to draw on his knowledge of geopolitics and international relations to understand the motivations and consequences of state-sponsored cyber attacks. Benedict has a MA in Security, Intelligence and Diplomacy, alongside a BA in Politics with Journalism, both from the University of Buckingham.