SecurityWeek

UK, New Zealand Accuse China of Cyberattacks on Government Entities

Australia and New Zealand support the UK in condemning Chinese hackers for targeting UK institutions and parliamentarians.

After the UK called out Chinese hackers for targeting parliamentarians’ emails and the country’s Electoral Commission, New Zealand said it had also linked cyberattacks on its parliament to Chinese state-sponsored threat actors.  

On the same day that the US slapped fresh sanctions against two Chinese hackers and a China-based technology company serving as a front for malicious cyber operations, the UK called out and sanctioned the same entities for hacking into its own systems.

The tech firm, Wuhan Xiaoruizhi Science and Technology Company Limited, has been operating on behalf of the Chinese Ministry of State Security (MSS) and is part of China’s state-sponsored apparatus, the UK says.

Identified as Wuhan XRZ, the company is associated with APT31 (also known as Judgement Panda, Red Keres, Violet Typhoon, and Zirconium), a hacking group accused of conducting cyberespionage operations on behalf of Beijing.

According to the UK’s National Cyber Security Centre (NCSC), “the UK Electoral Commission systems were highly likely compromised by a Chinese state-affiliated entity between 2021 and 2022” and “it is almost certain that the China state-affiliated APT31 conducted reconnaissance activity against UK parliamentarians during a separate campaign in 2021.”

While no parliamentary accounts were compromised, “it is highly likely the threat actors accessed and exfiltrated email data, and data from the Electoral Register,” the NCSC says.

As such, the UK slapped sanctions on Wuhan XRZ, as well as Zhao Guangzong and Ni Gaobin, two individuals believed to be members of APT31.

The Chinese Embassy in London dismissed the allegations, saying that the UK’s accusations are “completely unfounded and constitute malicious slander” and that they represent “a typical example of a thief crying ‘catch thief’”.

“The UK falsely accused China of attempting to interfere with UK democracy. We strongly urge the UK to immediately stop spreading false information about China,” the Embassy said in a statement.

While announcing it stands by the UK in condemning China’s cyber operations, New Zealand said it has uncovered links between Chinese hackers and cyberattacks against parliamentary entities.

New Zealand’s NCSC “completed a robust technical assessment following a compromise of the Parliamentary Counsel Office and the Parliamentary Service in 2021, and has attributed this activity to a PRC [People’s Republic of China] state-sponsored group known as APT40”, said Judith Collins, the minister responsible for the Government Communications Security Bureau (GCSB).

“Fortunately, in this instance, the NCSC worked with the impacted organisations to contain the activity and remove the actor shortly after they were able to access the network,” Collins added.

Following the UK’s announcement, Australia expressed concerns about the malicious activities associated with the Chinese state-sponsored hackers, but claimed that its own electoral systems “were not compromised by the cyber campaigns targeting the UK.”

Written By

Ionut Arghire is an international correspondent for SecurityWeek.
