UK government blames Chinese hackers for 2021 cyberattack that exposed personal information of millions of British voters

British Deputy Prime Minister Oliver Dowden issued a statement to members of Parliament in Parliament on Monday, blaming the 2021 Electoral Commission data breach on hackers working for the Chinese government. Dowden told MPs that "the British government will not hesitate to take swift and forceful action whenever the Chinese government threatens British interests."

This is the first time the vulnerability has been attributed in the UK since the cyber attack was first disclosed in 2023.

The Electoral Commission, which keeps copies of the UK's register of citizens eligible to vote, said at the time that hackers had stolen the names and addresses of around 40 million British citizens, including those registered to vote between 2014 and 2022 and overseas voters. The data breach began as early as 2021 but was not discovered until a year later.

Britain's National Cyber ​​Security Center (NCSC) said in a statement on Monday that it was "highly likely" that Chinese hackers accessed and exfiltrated emails and data from the electoral register during the hack.

The UK's National Cyber ​​Security Center said Chinese intelligence services could use the data to "carry out large-scale espionage and transnational repression against dissidents and critics in the UK".

However, a spokesperson for the commission declined to attribute the Electoral Commission data breach to any specific China-backed threat actor.

Dowden said that in 2021, a China-backed hacking group launched another attempted cyber attack on the email accounts of British lawmakers, but parliamentary authorities mitigated the attempted intrusion before any email accounts were compromised.

Britain's National Security Council blamed the attempted email hacks on a Chinese hacking group known as APT31, which is known for attacking the online accounts of foreign government officials. Security researchers say the malware used by APT31 is capable of creating backdoors in systems and exfiltrating sensitive information. The Norwegian government blamed APT31 for a data breach of its systems in 2018.

The UK did not say which MPs' email accounts were targeted, but the UK's National Security Council said most of the affected MPs were "prominent in condemning China's malign activity".

A spokesman for the Chinese Embassy in the UK denied the accusation, saying China "does not encourage, support or condone hackers to launch attacks", but added that China would "adopt legal means" to fight back against cyber attacks.

"The malicious activity we have exposed today is part of a broader pattern of unacceptable behavior we are seeing China's state-affiliated actors targeting the UK and around the world," NCSC operations director Paul Chichester said. "Behavior that targets our democratic institutions is unacceptable, and NCSC will continue to condemn cyber actors who pose a threat to the institutions and values ​​that underpin our society."

CNN reported on Monday that the Biden administration is preparing to accuse several Chinese hackers of participating in APT31's operations against American companies. In 2020, Google security researchers linked APT31 to attacks on the Trump and Biden presidential campaign email accounts.

Last month, a set of documents leaked by Chinese government contractor I-Soon revealed how the private contractor carried out hacking attacks against other governments at the behest of Chinese authorities.