UK Government Accused of Downplaying Chinese Cyberattacks

Dozens of China hawks from legislatures around the world who were targeted said they found emails from the hackers in their inboxes.
UK Government Accused of Downplaying Chinese Cyberattacks
Chancellor of the Duchy of Lancaster and Deputy Prime Minister Oliver Dowden speaking in Whitehall after a statement to Parliament that Beijing is behind a wave of state-backed interference, in London on March 25, 2024. Stefan Rousseau/PA Wire
Lily Zhou
Updated:
0:00

The UK government has been accused of downplaying the impact of cyberattacks from China after hackers targeted a group of lawmakers critical of Beijing.

On March 25, Deputy Prime Minister Oliver Dowden announced sanctions against two Chinese hackers from the state-affiliated APT31 group over attacks against the UK’s electoral system and Parliament.

The action was taken in coordination with the United States.

Luke de Pulford, executive director of the Inter-Parliamentary Alliance on China (IPAC), pointed to discrepancies in information published by the UK and the United States, saying only five parliamentarians were briefed while 43 Parliament emails were affected, and that Mr. Dowden failed to mentioned IPAC members had been targeted by the hackers.

He also disputed the deputy prime minister’s claim that attacks against Parliament were “unsuccessful.”

IPAC, an alliance of 47 UK parliamentarians and over 200 lawmakers from other legislatures on six continents, was founded in 2020 in response to the challenge posed by the Chinese communist regime.

In a thread posted on social media platform X on Monday, Mr. De Pulford said the deputy prime minister didn’t “say ‘IPAC’ once” while he briefed Parliament on the attacks on March 25, but an indictment unsealed by the U.S. Department of Justice on the same day said the hackers had sent 1,000 emails to more than 400 accounts of individuals associated with IPAC, allowing them to “track delivery metrics on emails and receive data from victims that opened the emails, including the victims’ IP addresses, browser types, and operating systems.”

The method used, called “tracking pixels,” is also used by advertisers to gather information.

According to the indictment, targets of the campaign included every EU member of IPAC and 43 UK parliamentary accounts, most of whom were members of IPAC or had been outspoken on topics relating to the Chinese regime.

Mr. De Pulford questioned the “disparity” between information released in the UK and the United States, and why the two governments didn’t inform IPAC that its members were targeted.

The campaigner said IPAC had first learned about a “pixel attack on the whole of IPAC” in mid-2021 from the security services in an unspecified EU country.

He also pointed to an APT31 attack that targeted IPAC’s Belgian co-chair Rep. Samuel Cogolati, which the Belgian government confirmed in 2023, and said the group “didn’t know this was the same attack.”

IPAC members in the UK only “started to get worried” in 2024 when five parliamentarians were “to be briefed on a cyber attack,” Mr. De Pulford said.

‘Dozens’ Emails Found

The deputy prime minister has said the “reconnaissance” email campaign targeting parliamentarians was “entirely unsuccessful” as it was blocked by Parliament’s cyber security measures.

According to Mr. De Pulford, “dozens” of IPAC members have found emails from the same domain name that was used to attack Mr. Cogolati in their inboxes.

He also said two non-UK IPAC legislators “were successfully compromised in mid-late 2021. Fully hacked” after the reconnaissance campaign, noting that the incidents may or may not be connected.

Mr. De Pulford told the Financial Times that he believes “it was all downplayed to a point many find unacceptable.”

“If they had detected that information was being sent to China, it makes no sense that they would allow dozens of offending emails to stay on the parliamentary system for three years,” he said.

According to the FT, “at least 10 politicians at Westminster” found emails sent from the hackers.

It’s understood the Parliamentary Security Department blocked the pixel tracker after identifying the reconnaissance activity, and the presence of emails in parliamentary inboxes in and of itself doesn’t pose a security risk.

In an email to The Epoch Times, the government said the attack was “successfully mitigated.”

“As the deputy prime minister said in his statement to Parliament, no parliamentary accounts were successfully compromised in this targeting by APT31 in 2021,” a spokesperson said.

“The campaign was successfully mitigated by Parliament’s Security Department.

“Defending our democratic processes is an absolute priority and we will continue calling out malicious activity that poses a threat to our institutions and values.”

The spokesperson added that the use of tracking pixels in emails “is not malicious in itself and they are widely used by legitimate businesses and organisations every day.”