US, UK Impose Sanctions On China Over Spying, Infrastructure Hacks

US and UK officials have imposed new sanctions on China after accusing the country of sustaining a cyber-attack campaign lasting more than a decade that included a hack on the UK’s Electoral Commission, disclosed last year, that resulted in the theft of the personal details of about 40 million voters.

The National Cyber Security Centre, part of GCHQ, found that four British MPs critical of Beijing were targeted in a separate attack.

The UK and US both imposed sanctions two individuals and a front company linked to the cyber-espionage group APT31, which is associated with the Chinese ministry of state security, over the attacks.

Deputy prime minister Oliver Dowden said China had failed to interfere in the UK’s democratic processes.

‘Hostile intent’

“We will not hesitate to take swift and robust actions wherever the Chinese government threatens the United Kingdom’s interests,” he said.

“The UK judges that these actions demonstrate a clear and persistent pattern of behaviour that signals hostile intent from China.”

The four parliamentarians were all part of the Inter-Parliamentary Alliance on China and were prominent critics of the country.

They included former Tory leader Iain Duncan Smith, former minister Tim Loughton, Scottish National Party MP Stewart McDonald and cross-bench peer David Alton.

‘Fabricated’

A spokesperson for China’s embassy in Britain rejected the claims.

“The so-called cyber-attacks by China against the UK are completely fabricated and malicious slanders. We strongly oppose such accusations,” the spokesperson said.

The joint US-UK investigation of APT31 found that hackers had tried to place malware in US electric grids, water systems and other critical infrastructure, apparently in an effort to disrupt the functioning of military bases and civilian population centres in the event that the US should come to the aid of Taiwan in a conflict with the Chinese mainland.

The US Treasury Department described malicious state-sponsored cyberactors as “one of the greatest and most persistent threats to US national security”.

Critical infrastructure

The Justice Department announced sanctions against seven Chinese nationals accused of conspiracy to commit computer intrusions and wire fraud as part of APT31.

The group has targeted US companies, government and political officials, candidates and campaign personnel for the past 14 years, officials said.

Tactics allegedly included malicious emails targeted at a Justice Department official, high-ranking White House officials and multiple US senators.

“The United States is focused on both disrupting the dangerous and irresponsible actions of malicious cyberactors as well as protecting our citizens and our critical infrastructure,” said Treasury Department undersecretary for terrorism and financial intelligence Brian E. Nelson.