
The UK Government has officially blamed China for a cyber attack on the Electoral Commission that exposed over 40 million British citizens’ data in 2021.

Deputy Prime Minister Oliver Dowden is set to tell MPs tomorrow that the superpower was behind the attack in an announcement that will come on the same day that the US government draws the same conclusion. 

Mr Dowden will reportedly suggest those behind the attack had links to Beijing, as well as laying out how the UK will respond to what it deems a wider threat.

Several Chinese suspects are also set to be blacklisted by the UK Foreign Office for their involvement, a day after the office was accused of being too hesitant in calling out China for its role in the attack. 

As the government prepares to sanction those believed to be involved in the state-sponsored attack, British Prime Minister Rishi Sunak called China “the greatest state-based challenge to our national security.”

“China represents an economic threat to our security and an epoch-defining challenge. So it is right we take steps to protect ourselves,” the PM added.

He would not be drawn on Mr Dowden’s announcement but praised the UK’s “world-leading” cyber security.

A 'malign' cyber attack 

Sunak was urged to “end its naivety” on China after the country was accused of being behind the “malign” cyber attack on the Electoral Commission as well as against 43 MPs and peers.

The incident remained undetected until October 2022, and it’s believed attackers accessed reference copies of electoral registers held for research and political donation checks. These registers contain personal details like names, addresses, and dates of birth for millions of voters.

The attackers may have also compromised the Commission's email servers and control systems, potentially allowing them to intercept communications, disrupt operations, or even plant malware.

Acknowledging the attacks at the time, the Electoral Commission said unspecified "hostile actors" had gained unauthorized access to copies of the electoral registers and broken into its emails and "control systems", but added that the breach had no impact on any elections.

Electoral Commission cyber attack notice. Source: Electoral Commission

“The UK’s democratic process is significantly dispersed and key aspects of it remain based on paper documentation and counting. This means it would be very hard to use a cyber attack to influence the process,” Shaun McNally, the Electoral Commission Chief Executive, said in a statement at the time.

“While the data contained in the electoral registers is limited, and much of it is already in the public domain, we understand the concern that may have been caused by the registers potentially being accessed and apologise to those affected.”

The exact methods used by the attackers remain unknown, but investigations revealed they gained access to the Commission's servers for over a year. 

'Britain’s biggest state-backed threat'

Echoing the language used in the government’s foreign policy review, Mr Sunak called China “the greatest state-backed” threat to Britain’s economic security.

“We’ve been very clear that the situation now is that China is behaving in an increasingly assertive way abroad, authoritarian at home and it represents an epoch-defining challenge, and also the greatest state-based threat to our economic security.

“So, it’s right that we take measures to protect ourselves, which is what we are doing.”

Still, some feel that the UK is not doing enough to protect itself from Chinese cyber attacks. Former minister Tim Loughton, who was one of the 43 MPs reportedly targeted by China in 2021, told BBC Radio 4 that "for too long" the government has not taken the "strategic threat" from China seriously.

"We need to have a raft of senior Chinese officials seriously sanctioned because of what's been going on with this cyber attack, what's going on in Hong Kong [and] in Xinjiang".

Luke de Pulford, chair of the Inter-Party Alliance on China, said the government still appears to be "reluctant, in general, to hold China to account for its abuses".

He added that China-backed cyber attacks "have been going on for a very long time", and that politicians working with his group "suffered impersonation emails sent in their names" back in 2021.