China “state-affiliated actors” have been blamed by the government for two “malicious” cyber attack campaigns in the UK.
Making a speech in the Commons, Deputy Prime Minister Oliver Dowden revealed the two incidents involved an attack on the Electoral Commission – responsible for overseeing elections and political finance – in 2021, and targeted attacks against China-sceptic MPs.
He confirmed the Foreign Office would be summoning the Chinese ambassador “to account for China’s conduct in these incidents”, and that the UK, alongside international partners such as the US, would be issuing sanctions.
Mr Dowden told MPs: “The cyber threat posed by China affiliated actors is real and it is serious, but it is more than equalled by our determination and resolve to resist it.
“That is how we defend ourselves and our precious democracy.”
But he faced condemnation from backbench Tories for not going far enough, with former immigration minister Robert Jenrick calling the actions of the UK government “feeble” and “derisory”.
Politics live: PM issues nuclear warning
According to the National Cyber Security Centre, the incident at the commission, discovered in 2022, saw the Electoral Roll compromised, including the names and addresses of tens of millions of voters.
But “reconnaissance activity” in 2021, targeting the accounts of former Tory leader Sir Iain Duncan Smith, former Conservative education minister Tim Loughton, crossbench peer Lord Alton of Liverpool and SNP MP Stewart McDonald was unsuccessful.
The latter of the campaigns was blamed on the APT31 group, also known as Judgement Panda or Zirconium, but a specific entity has not been named for the Electoral Commission attack.
However, the Foreign Office has confirmed it is placing sanctions on a front company, the Wuhan Xiaoruizhi Science and Technology Company, and two actors involved in the operations of APT31, Zhao Guangzong and Ni Gaobin – a move echoed by the US government.
Dowden: Attacks completely unacceptable
Mr Dowden said the two cyber attack campaigns were “completely unacceptable” and demonstrated “a clear and persistent pattern of behaviour that signal signals hostile intent from China”.
He added: “The UK does not accept that China’s relationship with the United Kingdom is set on a predetermined course. But this depends on the choices that China makes.
“That is why the Foreign Office will be summoning the Chinese ambassador to account for China’s conduct in these incidents.
“The UK’s policy towards China is anchored in our core national interests. Where it is consistent with these interests, we will engage with the Chinese government.
“But we will not hesitate to take robust actions wherever the Chinese government threatens the United Kingdom’s interests.”
But in response to the cyber attacks highlighted by the UK government, a Chinese Embassy spokesperson said the accusations were “completely fabricated and malicious slanders”.
They added: “China has always firmly fought all forms of cyber attacks according to law. China does not encourage, support or condone cyber attacks.
“At the same time, we oppose the politicisation of cyber security issues and the baseless denigration of other countries without factual evidence.
“We urge the relevant parties in the UK to stop spreading false information and stop their self-staged, anti-China political farce.”
Those MPs targeted by the attacks – all members of the Inter-Parliamentary Alliance on China (IPAC) who probe Beijing’s activities – were briefed by parliament’s director of security on Monday.
‘MPs will not be bullied into silence by Beijing’
Speaking at a press conference afterwards, Sir Iain said the group had been “subjected to harassment, impersonation and attempted hacking from China for some time”, but insisted MPs would not be “bullied into silence by Beijing”.
He called for a “watershed moment” from the government that would see the UK “take a stand for values of human rights and the international rules-based system on which we all depend”.
However, speaking in the Commons after Mr Dowden’s statement, Sir Iain described his words as “like an elephant giving birth to a mouse”, as he called for further sanctions on China – especially over its actions in Hong Kong – and for the country to be defined as a “threat”.
But the deputy prime minister insisted the measures being taken were “proportionate” – though he promised there were the “first step”, adding: “As the situation evolves, we remain totally open to taking further steps.”
Foreign Secretary Lord Cameron is also set to brief the 1922 Committee of backbench Conservative MPs later, where the topic is likely to be top of the agenda.
It comes amid growing pressure on Prime Minister Rishi Sunak from within his own party to take a tougher stance on China, having so far refused to brand the country a threat.
Speaking ahead of Mr Dowden’s statement, the prime minister said: “We’ve been very clear that the situation now is that China is behaving in an increasingly assertive way abroad, authoritarian at home and it represents an epoch-defining challenge, and also the greatest state-based threat to our economic security.
“So, it’s right that we take measures to protect ourselves, which is what we are doing.”
A Downing Street source also told Sky News Mr Sunak had “always had a robust position on China”, but it would “not be a sensible thing to do” to “cut all links” with Beijing, and instead the government took a “eyes wide open approach” to its activities.