Unlock the Editor’s Digest for free

The US and UK have unveiled sweeping measures against hackers backed by China’s government, alleging they carried out extensive cyber attacks against targets across Washington and Westminster.

The US Department of Justice on Monday indicted seven Chinese nationals who it said were members of APT31, a Wuhan-based hacking group run by China’s main spy service.

The indictment alleges that the group sent more than 10,000 “malicious” emails with hidden tracking links to officials across the federal government, businesses “of national economic importance” including defence, and Capitol Hill.

The campaign lasted years and targets included international critics of China’s government, including 43 UK parliamentary accounts, the DoJ alleged.

The UK said the Chinese hackers were behind two malicious cyber campaigns on Britain’s elections watchdog and parliamentarians, as the government announced sanctions in response. Iain Duncan Smith, a former leader of the Conservative party, was among the targets, the UK said.

The interventions by the US and UK come against a backdrop of geopolitical and trade tensions with Beijing, with Prime Minister Rishi Sunak warning on Monday that an “increasingly assertive” China was an “epoch-defining challenge”.

The US indictment follows an executive order signed by President Joe Biden last month to defend US ports from Chinese cyber attacks and after FBI director Christopher Wray told the Financial Times that the US was “laser-focused” on China’s cyber threat.

The US would “not tolerate efforts by the Chinese government to intimidate Americans who serve the public, silence the dissidents who are protected by American laws, or steal from American businesses”, the country’s attorney-general Merrick Garland said on Monday.

Liu Pengyu, a spokesperson for the Chinese embassy in Washington, said China that “firmly opposes and cracks down on all forms of cyber attacks” and described the accusations as “groundless”. It added that China was also a victim of cyber attacks and that the “US itself is the origin and the biggest perpetrator”.

Oliver Dowden, the UK’s deputy prime minister, said that British intelligence concluded it was “almost certain” that APT31 had conducted reconnaissance activity against UK parliamentarians during a separate campaign in 2021.

The group was also “highly likely” to have been responsible for the complex attack on the Electoral Commission between 2021 and 2022, Dowden told parliament.

The UK sanctions announced on Monday include an asset freeze and travel ban on two members of APT31 who the Foreign Office said were “operating on behalf of the Chinese Ministry of State Security” and had been involved in the cyber-espionage campaign.

The UK also blacklisted Wuhan Xiaoruizhi Science and Technology Company Ltd, which it said was associated with APT31 and was operating on behalf of China’s MSS as part of Beijing’s “state-sponsored apparatus”.

Foreign secretary Lord David Cameron said it was “completely unacceptable that China state-affiliated organisations and individuals have targeted our democratic institutions and political processes”. Cameron said he had raised the issue directly with China’s foreign minister Wang Yi.

The Chinese embassy in London said: “The so-called cyber attacks by China against the UK are completely fabricated and malicious slanders. We strongly oppose such accusations.”

The US and UK interventions came after Belgium’s cyber security agency named APT31 as the culprit behind an attack on a prominent Belgian politician in March 2023.

The alleged breach of the Electoral Commission’s systems by Beijing-linked actors echoes China’s attempts to amass other bulk data sets at scale.

Ministers first announced in August 2023 that hackers had obtained the names and addresses of tens of millions of British voters in a breach of the elections regulator’s systems that began in August 2021 but was detected only in October 2022. They had not previously attributed the campaign.

Reforms of UK espionage laws that are going through parliament and were requested by Britain’s intelligence agencies were informed in part by these latest malicious cyber campaigns.

The National Cyber Security Centre on Monday published updated cyber guidance on defending democracy for political organisations and bodies co-ordinating the delivery of elections.