26 Mar 2024

US, UK accuse China over spy campaign that may have hit millions

7:21 am on 26 March 2024
From left, UK Conservative MP Tim Loughton, former Conservative leader, Iain Duncan Smith and SNP former defence spokesman Stewart McDonald from the Inter-Parliamentary Alliance on China, hold a press conference in central London on March 25, 2024 on accusations against China of cyberespionage.

From left, UK parliamentarians Tim Loughton, Iain Duncan Smith and Stewart McDonald from the Inter-Parliamentary Alliance on China, hold a press conference on accusations against China of cyberespionage. Photo: AFP

By Daphne Psaledakis and James Pearson, Reuters

US and British officials have filed charges, imposed sanctions, and called out Beijing over a sweeping cyberespionage campaign that allegedly hit millions of people - including lawmakers, academics, journalists and more.

Authorities on both sides of the Atlantic accused the hacking group nicknamed "APT31" of being an arm of China's Ministry of State of Security and reeled off a laundry list of targets: White House staffers, US senators, British parliamentarians, and government officials across the world who criticised of Beijing. Defence contractors, dissidents, security companies were also hit, the officials said.

In an indictment unsealed on Monday against seven of the alleged Chinese hackers involved, US prosecutors said the hacking resulted in the confirmed or potential compromise of work accounts, personal emails, online storage and telephone call records belonging to millions of Americans.

The aim of the global hacking operation was to "repress critics of the Chinese regime, compromise government institutions, and steal trade secrets," Deputy Attorney General Lisa Monaco said in a statement.

China's Embassy in Washington did not immediately return a message seeking comment on the US allegations, but the Chinese Embassy in London described the earlier UK charges as "completely fabricated and malicious slanders".

Reuters was not immediately able to locate contact information for the seven alleged hackers being charged by the Department of Justice.

The announcements were made as both Britain and the US imposed sanctions on a firm they said was a Ministry of State Security front company.

The US Treasury Department in a statement said the sanctions were on Wuhan Xiaoruizhi Science and Technology, as well as on two Chinese nationals.

Britain's Foreign Secretary David Cameron reacts as he leaves Westminster Abbey in London, on March 11, 2024, at the end of the annual Commonwealth Day service ceremony. (Photo by Daniel LEAL / AFP)

Britain's Foreign Secretary David Cameron. Photo: AFP / DANIEL LEAL

Britain says China hacked electoral watchdog, targeted lawmaker emails

Britain accused Chinese hackers of trying to break into the email accounts of British lawmakers who were critical of China and said a separate Chinese entity was behind a hack of its electoral watchdog that compromised millions of people's data.

In response to the attempted hack in 2021 of emails belonging to British politicians "prominent in calling out the malign activity of China", Britain imposed sanctions on two people and one company linked to state-backed Chinese hacking group APT31, the Foreign Office said in a statement.

It also said an unidentified Chinese state-affiliated hacking group was behind a separate 2021-2022 cyber-attack on Britain's Electoral Commission.

That hack was disclosed last year but Britain had not previously said who was responsible.

Foreign Secretary David Cameron described the hacks as "completely unacceptable", according to the statement.

China rejected the accusations that Chinese-state affiliated organisations were responsible for hacks.

"The so-called cyber attacks by China against the UK are completely fabricated and malicious slanders. We strongly oppose such accusations," a spokesperson for the Chinese embassy in Britain said in a statement on the embassy website.

"China has always firmly fought all forms of cyber attacks according to law. China does not encourage, support or condone cyber attacks."

New Zealand's history with cyber attack

In New Zealand, in July 2021 the then-minister for the Government Communications Security Bureau, Andrew Little, revealed malicious cyber activity had been linked to the Chinese Government.

Then Little said the foreign intelligence agency had established links between Chinese state-sponsored actors known as Advanced Persistent Threat 40 (APT40) and malicious cyber activity in New Zealand.

Trade and politics

The British government is attempting to strike a delicate balance between trying to neutralise security threats posed by China while maintaining or even enhancing engagement in some areas such as trade, investment and climate change.

But there has been growing anxiety about China's alleged espionage activity in Britain, particularly ahead of a general election expected later this year.

In this video grab taken from footage broadcast by the UK Parliamentary Recording Unit (PRU) via the Parliament TV website on March 25, 2024, Britain's Chancellor of the Duchy of Lancaster and Deputy Prime Minister Oliver Dowden makes a statement on Chinese cyber attacks, in the House of Commons.

UK Deputy Prime Minister Oliver Dowden makes a statement on Chinese cyber attacks in the House of Commons. Photo: AFP PHOTO / PRU

Tensions between Beijing and Western powers over issues related to cyberespionage have been rising as Western intelligence agencies increasingly sound the alarm on Chinese state-backed hacking activity.

Last month, security officials told Reuters that the US government had launched an operation to fight a pervasive Chinese hacking operation that compromised thousands of internet-connected devices. Days later, Dutch intelligence agencies said Chinese cyberspies had gained access to a military network in The Netherlands in what they said was a trend of Chinese political espionage.

APT31, the Chinese hacking group behind the targeting of British lawmaker emails, has a history of spying on politicians and their staff. In 2020, security researchers at Google and Microsoft warned that the group had targeted the personal emails of campaign staff working for US President Joe Biden. According to US cybersecurity firm Secureworks, APT31 has also targeted legal, consulting, and software development firms.

Britain has spent the last year trying to improve ties with China after the relationship sunk to its lowest point in decades under former prime minister Boris Johnson, when London restricted some Chinese investment over national security worries and expressed concern over a crackdown on freedoms in Hong Kong.

- These stories were first published on Reuters

Get the RNZ app

for ad-free news and current affairs