Chinese state-backed hackers were responsible for two “malicious” digital campaigns targeting the UK’s democratic institutions and politicians, the security services have found.
The UK holds China responsible for a prolonged cyber-attack on the Electoral Commission during which Beijing allegedly accessed the personal details of about 40 million voters.
The National Cyber Security Centre, part of GCHQ, also found that four British parliamentarians who have been critical of Beijing were targeted in a separate attack, although the activity was identified before any systems were compromised.
Two individuals and a front company linked to the Chinese state-sponsored the cyber-group APT31, which is linked to the Chinese ministry of state security and is believed to have been behind the hack, have been hit with sanctions by the UK as a result.
Oliver Dowden told MPs that Beijing’s attempts to interfere with UK democracy and politics had not been successful, although the government has faced criticism for being too slow to respond.
“The UK will not tolerate malicious cyber-activity targeting our democratic institutions. It is an absolute priority for the UK government to protect our democratic system and values,” the deputy prime minister said.
“I hope this statement helps to build wider awareness of how politicians and those involved in our democratic processes around the world are being targeted by state-sponsored cyber-operations. We will continue to call out this activity, holding the Chinese government accountable for its actions.”
Dowden said the Foreign Office would summon China’s ambassador to account for its actions. “We will not hesitate to take swift and robust actions wherever the Chinese government threatens the United Kingdom’s interests,” he added.
Since the attacks in 2021 and 2022, the UK had bolstered its cyber-defences, Dowden said. This included setting up the Defending Democracy Taskforce and bringing in the National Security Act 2023, giving the security services and law enforcement agencies more powers to disrupt hostile activity.
However, the head of an international group of parliamentarians focusing on China said the UK government had been too slow to respond to cyber-attacks, especially given that the Electoral Commission hack was first detected in 2022.
MPs and peers are among 43 people who the government looks likely to confirm have been targeted by cyber-attacks backed by the Chinese state.
Pat McFadden, the shadow chancellor of the duchy of Lancaster, said Labour supported “efforts to counter attempts by China or any other state to interfere with or undermine the democratic process, or attempts to stop elected representatives going about their business, voicing their opinions or casting their votes without fear or favour.”
But he questioned why David Cameron, the foreign secretary, was addressing the 1922 Committee of Tory MPs on Monday rather than briefing opposition parties and parliament’s intelligence security committee.
At a press conference, three MPs who have been targeted in cyber-attacks by Beijing-linked actors called for China to be formally labelled a threat to UK security.
Iain Duncan Smith, the former Tory leader, said he and colleagues had been “subjected to harassment, impersonation and attempted hacking from China for some time” but MPs would not be “bullied into silence by Beijing”.
He added: “We must now enter a new era of relations with China, dealing with the contemporary Chinese Communist party as it really is, not as we would wish it to be.”
Luke de Pulford, the executive director of the Inter-Parliamentary Alliance on China (Ipac), told the BBC that the government “was a little bit reluctant to say that China had actually done this”.
“There seems to be a reluctance in general to hold China to account for its abuses,” he said, adding that the UK had thus far imposed sanctions against some middle-level level officials in China over rights abuses in Xinjiang, but had failed to take similar action over Hong Kong, despite the UK’s historical role with the territory.
China has rejected the claims. “The so-called cyber-attacks by China against the UK are completely fabricated and malicious slanders. We strongly oppose such accusations,” a spokesperson for the Chinese embassy in Britain said in a statement on the embassy website. “China has always firmly fought all forms of cyber-attacks according to law. China does not encourage, support or condone cyber-attacks.”
Lord Cameron has raised the cyber-attacks on Britain’s democratic institutions directly with the Chinese foreign minister, Wang Yi.
“It is completely unacceptable that China state-affiliated organisations and individuals have targeted our democratic institutions and political processes. While these attempts to interfere with UK democracy have not been successful, we will remain vigilant and resilient to the threats we face,” Cameron said.
“We will always defend ourselves from those who seek to threaten the freedoms that underpin our values and democracy. One of the reasons that it is important to make this statement is that other countries should see the detail of threats that our systems and democracies face.”