A Chinese cyber attack on British MPs was more widespread than the UK Government initially revealed, i has learned.
Oliver Dowden, the deputy prime minister, announced on Monday that a group of three MPs and one peer had been targeted.
The MPs, including China hawk Iain Duncan Smith, say they were privately reassured in a briefing by Parliament’s head of security that only a small number of parliamentarians had been affected.
But it has now emerged email accounts belonging to more than 30 MPs, peers, and their parliamentary staff were targeted by the same cyber hack, which was in the form of a phishing email.
Mr Duncan Smith told i: “They completely screwed up the other day. They told us that there are only three or four of us that apparently had these emails – it’s complete bollocks.
“Parliament is just a joke when it comes to security, a joke.”
The identified targets were email accounts of members of the Inter-Parliamentary Alliance on China (Ipac), a global group of parliamentarians with hawkish views on China.
It is unclear at this stage why the full effect of the hacking attack was not revealed by Mr Dowden, but sources told i the latest analysis showed around 30 individuals were affected.
Parliamentarians in the group were sent infected emails from an account posing as a democracy-focused news website under the domain nropnews.com.
The emails contained spyware hidden within the images in a spear-phishing campaign using pixel technology capable of sending personal information to an unauthorised third-party server in order to steal private data from users, i can reveal.
The same false domain was used to hack a Belgian MP during the same period. Last year, Samuel Cogolati, also an Ipac member, was named by Belgian intelligence as the victim of an identical APT31 attack during the same period, leading to questions as to how the attack on UK parliamentarians has taken so long to emerge. Parliamentary security officers are now looking into the domain linked to the emails.
Mr Dowden on Monday said British intelligence concluded it was “almost certain” that Chinese state affiliated hacking group ‘APT31’ had conducted the “malicious cyber campaign”. The Deputy Prime Minister said the group were “highly likely” to have been responsible for a major attack on the Electoral Commission between 2021 and 2022.
A US Department of Justice press release on Monday referenced the widespread attack on Ipac, revealing there is evidence more than 400 individuals were targeted. The website MalPedia characterises APT31 as an actor specialised in intellectual property theft, focusing on data and projects that make a particular organisation competetive in its field.
Mr Duncan Smith said some members of Ipac believe some of the phishing emails may have been successful. He said: “We think that some of the MPs have had Trojans on their sites.”
A Trojan is a form of malware virus that can disguise itself on a computer after being downloaded.
The former Tory leader added: “We’ve drawn a line in the sand but that line is behind where China already is. They’re 40 yards up the beach, and we’re saying: ‘We’re going to draw a line just here. OK, We know you’ve crossed it, but don’t you cross it!’”
“It’s just so redolent of what happened in the 30s. You know, making excuses for China, warning them but you know, nothing’s really done.”
Mr Duncan Smith, along with Conservative MP Tim Loughton, the SNP’s Stewart McDonald, and the crossbench peer David Alton were told that they had faced hacking attempts in a private briefing from parliamentary security services prior to Monday’s announcement.
On Monday evening, a US Department of Justice unsealed an indictment against seven Chinese nationals, accused of operating as part of the APT31 hacking group. The press release revealed that more 1,000 emails were sent to more than 400 accounts of individuals associated with Ipac in 2021.
The New Zealand government also revealed it had been the subject of what it called a Chinese state-sponsored attack of its parliament in 2021.
In response to the attack, the UK sanctioned two members of APT31 whom the Foreign Office said were “operating on behalf of the Chinese Ministry of State Security” and a small firm named Wuhan Xiaoruizhi Science and Technology, which it said was operating as part of Beijing’s “state-sponsored apparatus”.
The sanctions came just days after i revealed that the UK had secretly softened its stance on China. Internal documents showed that the Foreign Office has “indefinitely” paused sanctions against Chinese firms and individuals implicated in human rights abuses.
The Foreign Office and No 10 have been contacted for comment.
——————————————————–