China accused of targeting Western democratic institutions
What we know
On Monday 25 March, the UK and U.S. both publicly accused Chinese state-affiliated actors of engaging in a sustained period of 'malicious' cyber activity targeting political institutions, elected officials and political dissidents.
In the UK, the National Cyber Security Centre (NCSC) attributed the targeting of three UK MPs' emails in 2021 to APT31, a Chinese state-affiliated actor. Another attack, which compromised the systems of the UK Electoral Commission between 2021 and 2022, has also been attributed to a Chinese state-affiliated actor.
Similarly, the U.S. government accused seven Chinese nationals and the Wuhan-based Xiaoruizhi Science and Technology Company (Wuhan XRZ), believed to be a front for APT31, of coordinating a pervasive hacking campaign against U.S. officials, businesses and critical national infrastructure. Political dissidents and those critical of the Chinese state are believed to have been the primary targets.
Both the UK and U.S. announced sanctions against Wuhan XRZ and two Chinese nationals believed to be directly involved in the operation. The following day, the New Zealand government and its intelligence agency (GCSB) attributed malicious cyber activity against a number of its parliamentary institutions in 2021 to a separate Chinese state-affiliated actor, APT40.
Why it matters
Three members of the Five Eyes intelligence community attributing 'malicious' cyber activity to groups affiliated with the Chinese state in the same week could be considered a coordinated and clear warning to Beijing, as both the UK and U.S. head into an important electoral cycle this year.
According to the U.S. Treasury, targets have included high-ranking government officials (including members of Congress and their family members), White House security staff, and education institutions with close links to the U.S. military, thus “directly endangering U.S. national security.”
For the UK Electoral Commission, it is believed that threat actors accessed and exfiltrated email data and personal data from the Electoral Register (the UK has some 40 million registered voters), with the NCSC warning it could be used by Chinese intelligence services for "large-scale espionage and transnational repression of perceived dissidents and critics in the UK."
With the UK and U.S. elections on the horizon, threats of espionage and malicious cyber activity are likely to increase in the months ahead.
Whilst any form of targeted cyber activity against democratic institutions is a concern, the key focus for security experts and elected officials in the months ahead will be to differentiate between cyber activity that constitutes conventional espionage and activity that poses a direct threat to democratic processes.