After the UK called out Chinese hackers for targeting parliamentarians’ emails and the country’s Electoral Commission, New Zealand said it had also linked cyberattacks on its parliament to Chinese state-sponsored threat actors.
On the same day that the US slapped fresh sanctions against two Chinese hackers and a China-based technology company serving as a front for malicious cyber operations, the UK called out and sanctioned the same entities for hacking into its own systems.
The tech firm, Wuhan Xiaoruizhi Science and Technology Company Limited, has been operating on behalf of the Chinese Ministry of State Security (MSS) and is part of China’s state-sponsored apparatus, the UK says.
Identified as Wuhan XRZ, the company is associated with APT31 (also known as Judgement Panda, Red Keres, Violet Typhoon, and Zirconium), a hacking group accused of conducting cyberespionage operations on behalf of Beijing.
According to the UK’s National Cyber Security Centre (NCSC), “the UK Electoral Commission systems were highly likely compromised by a Chinese state-affiliated entity between 2021 and 2022” and “it is almost certain that the China state-affiliated APT31 conducted reconnaissance activity against UK parliamentarians during a separate campaign in 2021.”
While no parliamentary accounts were compromised, “it is highly likely the threat actors accessed and exfiltrated email data, and data from the Electoral Register,” the NCSC says.
As such, the UK slapped sanctions on Wuhan XRZ, as well as Zhao Guangzong and Ni Gaobin, two individuals believed to be members of APT31.
The Chinese Embassy in London dismissed the allegations, saying that the UK’s accusations are “completely unfounded and constitute malicious slander” and that they represent “a typical example of a thief crying ‘catch thief’”.
“The UK falsely accused China of attempting to interfere with UK democracy. We strongly urge the UK to immediately stop spreading false information about China,” the Embassy said in a statement.
While announcing it stands by the UK in condemning China’s cyber operations, New Zealand said it has uncovered links between Chinese hackers and cyberattacks against parliamentary entities.
New Zealand’s NCSC “completed a robust technical assessment following a compromise of the Parliamentary Counsel Office and the Parliamentary Service in 2021, and has attributed this activity to a PRC [People’s Republic of China] state-sponsored group known as APT40”, said Judith Collins, the minister responsible for the Government Communications Security Bureau (GCSB).
“Fortunately, in this instance, the NCSC worked with the impacted organisations to contain the activity and remove the actor shortly after they were able to access the network,” Collins added.
Following the UK’s announcement, Australia expressed concerns about the malicious activities associated with the Chinese state-sponsored hackers, but claimed that its own electoral systems “were not compromised by the cyber campaigns targeting the UK.”
Related: Five Eyes Agencies Issue New Alert on Chinese APT Volt Typhoon
Related: Chinese APT Hacks 48 Government Organizations
Related: U.S., Allies Officially Accuse China of Microsoft Exchange Attacks