Warnings of an apparent attempt to target a group of MPs serve to emphasise how advanced the threat from China has become, as suspected state-backed hacking groups use their own techniques to target different areas of western life.
By Tom Clarke, Science and technology editor @t0mclark3
The fact China is attempting to spy on the UK and others online should come as no surprise.
This latest announcement from government is more of a reminder that the activity is constant, and increasingly sophisticated.
The UK’s National Cyber Security Centre (NCSC) has now implicated a Chinese-backed hacking group, APT31, of attempting to target a group of MPs.
China blamed for ‘malicious cyber campaigns’
There’s a clue in the name: APT, or Advanced Persistent Threat is cybersecurity speak for groups usually backed by governments.
Politics live: PM issues nuclear warning
A long list from APT16 to APT41 are hacking groups each with their own techniques and target areas suspected of being run by the Chinese state.
It’s suggested APT31 used “spear phishing” to attempt to spy on members of the Inter-Parliamentary Alliance on China (IPAC).
The group describes itself on its website as “an international cross-party group of lawmakers working towards reform on how democratic countries approach China, led by senior politicians from some of the world’s major political parties”.
The same as phishing – in which a malicious file is usually embedded in an innocent-looking link in an email – spear phishing is targeted at a specific individual or group.
We have less information on the 2021 hack of the Electoral Commission, discovered the following year, which has now also been attributed to China.
In this instance, the hackers are believed to have had persistent access to the Electoral Commission’s systems for months.
‘We won’t be bullied into silence by China’
In response, the NCSC has updated guidance for political organisations and other institutions that could be in danger from such attacks, including updated guidance on a sophisticated threat called “living off the land”.
This is a type of “fileless” attack that exploits native code used to manage server networks operated by large providers like Microsoft.
Via an intrusion like a phishing attack, malicious code, disguised to look normal, is inserted straight into the target system’s operating instructions, bypassing virus scanning software.
Read more:
Chinese former video game boss sentenced to death
TikTok boss asks users to help oppose US ban
Hong Kong passes controversial security law
The danger of this type of attack is that it’s hard for online security teams to spot that an intrusion has happened, or to monitor the activity of hackers.
Without vigilant cybersecurity, hacks like this have been found to have persisted for long periods of time.
Last year Microsoft announced a “living off the land” attack by Chinese-backed hacker group Volt Typhoon had been used to infiltrate US utilities and critical infrastructure companies from 2021 onwards.
