{
	"id": "7f03f219-1f5f-45bc-88f2-830f7c627c39",
	"created_at": "2026-04-06T00:19:56.794644Z",
	"updated_at": "2026-04-10T03:37:22.846178Z",
	"deleted_at": null,
	"sha1_hash": "2fa3e135c36fb984e768f9110e6371c9bbe5e12e",
	"title": "UK Blames China for 2021 Hack Targeting Millions of Voters' Data",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 68564,
	"plain_text": "UK Blames China for 2021 Hack Targeting Millions of Voters'\r\nData\r\nBy Kevin Poireault\r\nPublished: 2024-03-25 · Archived: 2026-04-05 15:31:27 UTC\r\nThe UK government has called out China state-affiliated threat actors for carrying out hacking campaigns against\r\nUK institutions and political figures in 2021.\r\nThe House of Commons was briefed on March 25 by UK Deputy Prime Minister Oliver Dowden about cyber-attacks that accessed the personal details of millions of voters in August 2021.\r\nChinese-backed threat actors have been blamed following an investigation led by the UK National Cyber Security\r\nCentre (NCSC), which assessed that the attack originated from China.\r\nElectoral Commission Hack Linked to Chinese Intelligence Services\r\nIn August 2023, the UK’s Electoral Commission revealed that an attack on voters' data occurred in August 2021.\r\nThe incident was first discovered in October 2022.\r\nThe threat actor had broken into the election watchdog’s emails and \"control systems\" and gained access to copies\r\nof the electoral registers.\r\nAlthough the Commission said at the time it could not identify how much data was compromised, its register\r\ncontains the details of approximately 40 million people.\r\nAccording to NCSC, it is highly likely that a China-backed threat actor accessed and exfiltrated data, including\r\nemail data, from the Electoral Register during this time.\r\n“The data, in combination with other data sources, would highly likely be used by the Chinese intelligence\r\nservices for a range of purposes, including large-scale espionage and transnational repression of perceived\r\ndissidents and critics in the UK,” the NCSC added in a public statement.\r\nThe threat group has not been named.\r\nSpeaking to Infosecurity, Camellia Chan, CEO and co-founder of Flexxon, commented that it is “incredibly\r\nconcerning” that the cyber-attack which took place in 2021 has only today been linked to the 
cybercriminals\r\nresponsible.\r\nShe added: “With more than 2 billion voters in more than 50 countries heading to the polls this year – the UK\r\nincluded – robust cybersecurity measures are needed to ensure threats are detected and dealt with as soon as\r\npossible, not only for voter safety but government protection too. This includes identifying cybercriminals and\r\nmaking them public to ensure others are aware of the threat posed.”\r\nhttps://www.infosecurity-magazine.com/news/uk-blames-china-for-2021-electoral/\r\nPage 1 of 4\n\nChina-Backed APT31 Behind MP Email Hacking Campaign\r\nSeparately, the NCSC investigation concluded that the Chinese-affiliated threat actor APT31 (aka Judgement\r\nPanda, Violet Typhoon, Zirconium) was “almost certainly” responsible for conducting online reconnaissance\r\nactivity against the email accounts of UK parliamentarians in 2021.\r\nThe parliamentarians included former Conservative leader Sir Iain Duncan Smith, former Conservative minister\r\nTim Loughton, and MP and Scottish National Party (SNP) member Stewart McDonald.\r\nThe three are all members of the Inter-Parliamentary Alliance on China, a committee that has often been critical of\r\nChina.\r\nThe NCSC added that this latter cyber-attack “was identified and successfully mitigated by Parliament’s Security\r\nDepartment before any accounts could be compromised.”\r\nDuring his address to British MPs, Dowden also said the UK issued sanctions against one Chinese-affiliated\r\norganization and two individuals involved in the malicious campaigns targeting the UK.\r\nChina Denies Involvement\r\nFormer British Army and UK Government intelligence specialist and co-founder of Ecliptic Dynamics, Tom\r\nKidwell, told Infosecurity that this outright accusation was a first and could have a significant impact.\r\n“The proposed sanctions from the UK to China marks a huge shift in the rhetoric against the Chinese State by the\r\nUK. 
Publicly accusing another member of the UN Security Council of attempting to influence or disrupt your\r\nelection process is significant,” he said.\r\nKidwell added that China would never acknowledge any involvement in the attacks and that the relationship\r\nbetween the two states could worsen.\r\n“Providing hard evidence of a direct link to Chinese state involvement will be difficult to release into the public\r\ndomain,” he said. “This will likely just become a back and forth between the two states, with the UK making a\r\npublic accusation and China inevitably denying involvement.”\r\nThe Chinese government has already denied involvement in either malicious campaign. During a press\r\nconference, Lin Jian, a Chinese Foreign Ministry spokesperson, described the UK accusations as “false\r\ninformation.” He invited the UK government to back their claims with “objective evidence.”\r\n“We advocate all countries to deal with this together through dialogue and cooperation. We hope, rather that\r\nparties can stop spreading this false information and take a responsible attitude and jointly safeguard security and\r\npeace of cyberspace,”  Jian added.\r\nCybersecurity Experts Question the Purpose of Such a Data Theft\r\nThe targeting of British politicians by a foreign power should not be a surprise to the UK government, according\r\nto Stephen Robinson, a senior threat intelligence analyst at WithSecure.\r\n“Indeed, recent reporting on the I-Soon leaks has stated that organizations who were contracted to perform cyber\r\noperations for the Chinese government described the UK Foreign Office and Treasury as priority targets for the\r\nChinese government,” he said.\r\nRead more: I-Soon GitHub Leak: What Cyber Experts Learned About Chinese Cyber Espionage\r\nHowever, Robinson warned not to draw hasty conclusions regarding the objectives of these malicious campaigns.\r\nLike 
other large data breaches attributed to China, such as the Equifax hack in 2020, Robinson added that data\r\ntheft from the Electoral Commission could be motivated by a desire for high-quality PII on UK citizens rather\r\nthan an attempt at direct electoral influence.\r\nKidwell raised the same question: “What is interesting is the point of the attack. If China was responsible, what\r\ndid they seek to achieve? Was it to collect data, or to disrupt or influence the outcome? If it was to influence the\r\noutcome of future elections, what would be the best outcome from a Chinese perspective?”\r\n“For me, the key line in the reports I have seen is that the attacks targeted 'control systems.' This likely means that\r\nthe attackers attempted to gain access to these systems to wait for a more impactful point in the future to deliver\r\nthe intended payload and cause the desired disruption,” Kidwell commented.\r\n“It isn’t a coincidence that the UK is releasing this information in the build-up to an election, and I would expect\r\nmore of this in the coming months in terms of rhetoric from the UK and allies,” he concluded.\r\nUK Releases New ‘Defending Democracy’ Guidance\r\nPaul Chichester, NCSC Director of Operations, commented: “The targeting of our democratic system is\r\nunacceptable and the NCSC will continue to call out cyber actors who pose a threat to the institutions and values\r\nthat underpin our society. 
The malicious activities we have exposed today are indicative of a wider pattern of\r\nunacceptable behavior we are seeing from China state-affiliated actors against the UK and around the world.”\r\n“It is vital that organizations and individuals involved in our democratic processes defend themselves in\r\ncyberspace, and I urge them to follow and implement the NCSC’s advice to stay safe online.”\r\nThe Dowden address to British MPs coincided with the publication of new ‘Defending Democracy’ guidance.\r\nThis document offers advice to help IT practitioners implement security measures that will help prevent common\r\ncyber-attacks.\r\nThese include establishing controls against spear-phishing and DDoS attacks as well as setting up multifactor\r\nauthentication on cloud and internet-connected services.\r\nUS Sanctions APT31 Associates\r\nWhile Dowden was speaking in the House of Commons, the US government issued sanctions against one Chinese\r\nentity and seven individuals, some of whom were also accused of being associated with APT31.\r\nThe sanctioned Chinese organization is Wuhan Xiaoruizhi Science and Technology Company, Limited (also\r\nknown as Wuhan XRZ), a Ministry of State Security (MSS) front company based in Wuhan.\r\nIt “has served as cover for multiple malicious cyber operations,” said the US Department of the Treasury’s Office\r\nof Foreign Assets Control (OFAC) in a public statement.\r\nTwo of the seven individuals indicted by the US Justice Department, Zhao Guangzong and Ni Gaobin, are\r\naffiliated with Wuhan XRZ.\r\nThe indictment accused them of participating in a yearslong hacking effort that targeted “some of America’s most\r\nvital critical infrastructure sectors [and] resulted in the confirmed and potential compromise of data belonging to\r\nmillions of Americans, [some of] which could be released in support of malign influence targeting US 
democratic\r\ninstitutions.”\r\nOn March 26, the New Zealand government also accused China of hacking the country's parliamentarian entities.\r\nThis article has been updated on March 26, 2024.\r\nSource: https://www.infosecurity-magazine.com/news/uk-blames-china-for-2021-electoral/",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://www.infosecurity-magazine.com/news/uk-blames-china-for-2021-electoral/"
	],
	"report_names": [
		"uk-blames-china-for-2021-electoral"
	],
	"threat_actors": [
		{
			"id": "aacd5cbc-604b-4b6e-9e58-ef96c5d1a784",
			"created_at": "2023-01-06T13:46:38.953463Z",
			"updated_at": "2026-04-10T02:00:03.159523Z",
			"deleted_at": null,
			"main_name": "APT31",
			"aliases": [
				"JUDGMENT PANDA",
				"BRONZE VINEWOOD",
				"Red keres",
				"Violet Typhoon",
				"TA412"
			],
			"source_name": "MISPGALAXY:APT31",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "9e6186dd-9334-4aac-9957-98f022cd3871",
			"created_at": "2022-10-25T15:50:23.357398Z",
			"updated_at": "2026-04-10T02:00:05.368552Z",
			"deleted_at": null,
			"main_name": "ZIRCONIUM",
			"aliases": [
				"APT31",
				"Violet Typhoon"
			],
			"source_name": "MITRE:ZIRCONIUM",
			"tools": null,
			"source_id": "MITRE",
			"reports": null
		},
		{
			"id": "f9806b99-e392-46f1-9c13-885e376b239f",
			"created_at": "2023-01-06T13:46:39.431871Z",
			"updated_at": "2026-04-10T02:00:03.325163Z",
			"deleted_at": null,
			"main_name": "Watchdog",
			"aliases": [
				"Thief Libra"
			],
			"source_name": "MISPGALAXY:Watchdog",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "74d9dada-0106-414a-8bb9-b0d527db7756",
			"created_at": "2025-08-07T02:03:24.69718Z",
			"updated_at": "2026-04-10T02:00:03.733346Z",
			"deleted_at": null,
			"main_name": "BRONZE VINEWOOD",
			"aliases": [
				"APT31 ",
				"BRONZE EXPRESS ",
				"Judgment Panda ",
				"Red Keres",
				"TA412",
				"VINEWOOD ",
				"Violet Typhoon ",
				"ZIRCONIUM "
			],
			"source_name": "Secureworks:BRONZE VINEWOOD",
			"tools": [
				"DropboxAES RAT",
				"HanaLoader",
				"Metasploit",
				"Mimikatz",
				"Reverse ICMP shell",
				"Trochilus"
			],
			"source_id": "Secureworks",
			"reports": null
		},
		{
			"id": "dc7ee503-9494-4fb6-a678-440c68fd31d8",
			"created_at": "2022-10-25T16:07:23.349177Z",
			"updated_at": "2026-04-10T02:00:04.552639Z",
			"deleted_at": null,
			"main_name": "APT 31",
			"aliases": [
				"APT 31",
				"Bronze Vinewood",
				"G0128",
				"Judgment Panda",
				"Red Keres",
				"RedBravo",
				"TA412",
				"Violet Typhoon",
				"Zirconium"
			],
			"source_name": "ETDA:APT 31",
			"tools": [
				"9002 RAT",
				"Agent.dhwf",
				"AngryRebel",
				"CHINACHOPPER",
				"China Chopper",
				"Destroy RAT",
				"DestroyRAT",
				"Farfli",
				"Gh0st RAT",
				"Ghost RAT",
				"GrewApacha",
				"HOMEUNIX",
				"HiKit",
				"HidraQ",
				"Homux",
				"Hydraq",
				"Kaba",
				"Korplug",
				"McRAT",
				"MdmBot",
				"Moudour",
				"Mydoor",
				"PCRat",
				"PlugX",
				"RedDelta",
				"Roarur",
				"Sakula",
				"Sakula RAT",
				"Sakurel",
				"SinoChopper",
				"Sogu",
				"TIGERPLUG",
				"TVT",
				"Thoper",
				"Trochilus RAT",
				"Xamtrav"
			],
			"source_id": "ETDA",
			"reports": null
		}
	],
	"ts_created_at": 1775434796,
	"ts_updated_at": 1775792242,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/2fa3e135c36fb984e768f9110e6371c9bbe5e12e.pdf",
		"text": "https://archive.orkl.eu/2fa3e135c36fb984e768f9110e6371c9bbe5e12e.txt",
		"img": "https://archive.orkl.eu/2fa3e135c36fb984e768f9110e6371c9bbe5e12e.jpg"
	}
}