The United States, Britain and New Zealand have accused Beijing-backed cyber groups of being behind a series of attacks against lawmakers and key democratic institutions — allegations that prompted angry Chinese denials.
In rare and detailed public accusations against China, Washington, London and Wellington described a series of cyber breaches over the last decade or more, in what appeared to be a concerted effort to hold Beijing accountable.
The US Justice Department charged seven Chinese nationals over what it said was a 14-year “prolific global hacking operation” designed to aid China’s “economic espionage and foreign intelligence objectives.”
Deputy Attorney General Lisa Monaco on Monday said the campaign involved more than 10,000 emails being sent, targeting US and foreign-based businesses, politicians, candidates for elected office and journalists.
Washington said a unit, dubbed APT31, was behind the attacks, describing it as a “cyberespionage program” run by China’s powerful Ministry of State Security out of the central city of Wuhan.
The hackers gained access to “email accounts, cloud storage accounts, and telephone call records,” the Justice Department said, monitoring some accounts for “years”.
Hours later, London said that from 2021-2022 the same APT31 group had targeted UK lawmakers’ accounts, including many who were critical of Beijing’s policies.
With Britain expected to hold a general election within months, UK Deputy Prime Minister Oliver Dowden also made a shock announcement that “a Chinese state-affiliated entity” had likely “compromised” the country’s Electoral Commission.
He said that both campaigns against lawmakers and the Electoral Office, while a “real and serious threat”, were ultimately thwarted.
“It will not impact how people register, vote or otherwise participate in democratic processes,” Dowden said.
Two individuals and one company linked to APT31 have been hit with UK sanctions.
In a parallel announcement, New Zealand on Tuesday said its Parliamentary Counsel Office, which drafts and publishes laws, had been compromised around the same period.
New Zealand, normally one of China’s strongest backers in the West, blamed the Chinese “state-sponsored group” APT40 for the attack.
Recently elected centre-right Prime Minister Christopher Luxon admitted it was a “big step” to blame the cyber attack on China, his country’s biggest trade partner.
New Zealand Foreign Minister Winston Peters said he had instructed diplomats to “speak today to the Chinese Ambassador, to lay out our position and express our concerns”.
“That conversation has now taken place,” he said.
‘Malicious slander’
In recent years, Western nations have been increasingly willing to expose malicious cyber operations, and to point fingers at foreign governments — most notably China, Russia, North Korea and Iran.
But China reacted angrily to the accusations, with embassies in London, Wellington and Washington issuing denunciations.
“The UK’s hype-up of the so-called ‘Chinese cyberattacks’ without basis and the announcement of sanctions is outright political manipulation and malicious slander,” the Chinese embassy in London said.
China has “never encouraged, supported or condoned cyberattacks,” the embassy claimed.
It was a similar message from Wellington, where the Chinese embassy accused its hosts of “completely barking up the wrong tree.”
“As a matter of fact, China is a major victim of cyberattacks,” the embassy said.
Both Russia and China have been accused of using cutouts and off-site groups to carry out cyberattacks, making attribution more difficult.
Conservative MP Iain Duncan Smith, one of the targeted UK lawmakers, said Beijing should be labelled a threat to the country.
He was one of several UK MPs sanctioned by China in 2021 because of criticisms of human rights abuses against China’s Uyghur minority and in Hong Kong.
Britain and the United States operate vast cyber operations of their own, although they rarely acknowledge them in public.
The two nations, along with New Zealand, Australia and Canada, are part of the Five Eyes intelligence-sharing network.