On Monday 25th March the UK government called out several China state actors for carrying out cyber attacks aimed at destabilising our democratic institutions. This is not the first time such claims have been levelled against such regimes nor will it be the last
The attack, which compromised the personal data of around 40 million voters, marks the first time China has been directly implicated since the breach came to light.
The breach, revealed by the Electoral Commission in August of last year, was first identified in October 2022 but it was confirmed hostile actors first gained unauthorised access to the organisation’s systems as early as August 2021.
The National Cyber Security Centre – a part of the UK Security Services announced
...that the China state-affiliated cyber actor APT31 was almost certainly responsible for conducting online reconnaissance activity in 2021 against the email accounts of UK parliamentarians, most of whom have been prominent in calling out the malign activity of China.
Separately, the compromise of computer systems at the UK Electoral Commission between 2021 and 2022 has also been attributed to a China state-affiliated actor. The NCSC assesses it is highly likely the threat actors accessed and exfiltrated email data, and data from the Electoral Register during this time.
In response to the attack the NCSC has updated its guidance on Defending Democracy.
Will it affect me or my business?
Whilst the original purpose of the attack was focused on parliamentarians and election interference, as often happens there will be unintended victims whose data has been compromised as well.
Muhammad Yahya Patel, lead security engineer at Check Point Software, said that with access to the data held by the Electoral Commission,
cyber criminals are able to launch sophisticated, targeted attacks that could expose other services, for example, social media platforms or digital banking
He added
It could also be used to steal a person’s online identity, or sold to the highest bidder on the dark web, all of which increases the likelihood of it being leveraged for malicious reasons
With around 40 million voter records vulnerable during the breach, around 60 per cent of the UK population could be at risk as a result.
So now is a great time to review your online security.
What should I do now?
Go to the website haveibeenpwned.com and see whether your e-mail and passwords are already compromised or online – through this breach or any other. The website is free and is used by law enforcement globally to demonstrate to people that their details might already be available to be used by online criminals. To protect your accounts from being compromised we also recommend that everyone uses two-factor authentication avoid using the same passwords across multiple accounts to ensure they are protected.
And you might use this opportunity to sign up as a free member of the Eastern Cyber Resilience Centre – a police led business focused organisation that gives you access to free support tools and guidance that is sector-specific on our website, as well as up to date information about any relevant cybercrime threats.
We also offer affordable student services that can help you protect and prepare for ransomware without breaking the bank. This includes Security Awareness Training, First Step Web Assessments and Remote Vulnerability Assessments, amongst others.
If you would like to know more about what we can do for you at the ECRC, why not book a free chat with us today?
Reporting a live cyber-attack 24/7
If you are a business, charity or other organisation which is currently suffering a live cyber-attack (in progress) please call Action Fraud on 0300 123 2040 immediately. This service is available 24 hours a day 7 days a week.
Reporting a cyber-attack which is not ongoing
Please report online to Action Fraud, the UK’s national reporting centre for fraud and cybercrime. You can report cybercrime online at any time using the online reporting tool, which will guide you through simple questions to identify what has happened. Action Fraud advisors can also provide the help, support, and advice you need.
Alternatively, you can call Action Fraud on 0300 123 2040 (textphone 0300 123 2050)