How the Five Eyes Alliance Seeks to Hold China Responsible for Large-Scale Global Hacking Operations

Murad Jandali | 2 years ago


"APT31 is a Chinese government-backed threat group that has targeted millions of people in Britain and the U.S. for many years."

In a striking escalation of diplomatic tensions, the UK government summoned the Chinese chargé d'affaires to deliver an official condemnation of what it described as acts of hacking, accusing China of carrying them out.

This measure comes in the wake of mutual accusations between Washington and Beijing, as the latter lodged a strong protest with the United States after accusations of being behind a series of global hacking operations that targeted lawmakers and public institutions.

Washington, in cooperation with London and Wellington, has made detailed accusations against China, pointing to a series of cyberespionage operations over the past decade, in an attempt to hold Beijing responsible.

In turn, Prime Minister Rishi Sunak described China as the challenge that will threaten today's era.

For its part, Beijing strongly denied these accusations, stressing that it opposes and takes strict measures against all forms of cyberattacks.

The United States was also accused of using the Five Eyes coalition, which includes the United States, Britain, New Zealand, Australia, and Canada, to spread misleading information.

It is noteworthy that tensions have escalated greatly between Beijing and Washington over issues related to cyberespionage during the recent period, as Western intelligence agencies sounded the alarm regarding Chinese state-backed cyber hacking activities.

Global Hacking Operation

The U.S. Department of Justice accused 7 Chinese citizens of being behind what it considered a large-scale global hacking operation that lasted 14 years, aiming to assist China in economic espionage and foreign intelligence targets.

It pointed out that the Chinese hacking operation had targeted millions of people, including legislators, academics, journalists, companies, as well as defense contractors, which necessitated the imposition of new sanctions on China.

Washington explained that a hacking group called Advanced Persistent Threat 31, or APT31, was behind the attacks, which it considered a cyberespionage unit run by China's Ministry of State Security, operating from the city of Wuhan in central China.

"Hackers compromised email accounts, cloud storage accounts and phone call logs, monitoring some accounts for years," the Justice Department said.

Officials released a long list of targets: White House staff, U.S. senators, British parliamentarians, and government officials around the world who have criticized Beijing.

U.S. Deputy Attorney General Lisa Monaco indicated that the operation included sending more than 10,000 emails targeting companies, politicians, and journalists, with the APT31 unit identified as responsible for the attacks.

She said in a statement that the aim of the global hacking operation was to repress critics of the Chinese regime, compromise government institutions, and steal trade secrets.

Earlier this month, FBI Director Christopher Wray issued a strong public warning in which he claimed that various groups of Chinese hackers were preparing to cause chaos and cause real harm to American citizens if the disputes between China and the United States turn into conflict.

According to Reuters, China may be trying — by cutting off vital services to military bases and the civilian population — to make Americans more concerned about supplies of electricity, food, and water than about helping a distant island owned by Beijing (Taiwan).

On January 31, U.S. authorities announced the dismantling of a hacker network known as Volt Typhoon, which was targeting major infrastructure of the U.S. public sector, such as water treatment plants and transportation systems, alleging that the network operates based on directives from China.

Wray explained that the goal is to spread confusion, weaken the United States' will to fight and hinder the American army from deploying resources if the dispute over Taiwan, a major point of contention between the two superpowers, escalates into war.

In May 2023, the United States and its allies accused the Volt Typhoon group, described as a Chinese state-sponsored hacking group, of hacking vital American infrastructure networks, accusations denied by Beijing.

Chinese Breakthroughs

Hours after the American announcement, the British government said that since 2021-2022, the same APT31 group has targeted the accounts of British parliamentarians, including a large number of critics of Beijing's policies.

With legislative elections expected in Britain within months, Deputy Prime Minister Oliver Dowden said in shocking statements that an entity linked to the Chinese government may have hacked the British Electoral Commission.

He said that the two campaigns against British parliamentarians and the Electoral Commission had been thwarted earlier, after they posed a real and dangerous threat, stressing that this would not affect the registration, voting, or participation of citizens in democratic processes.

According to reports, the Chinese hack occurred in August 2021, but details of the incident were not revealed until late last year.

The hack was only identified in October 2022, meaning the hackers went undetected for almost a year in the UK Electoral Commission's systems.

Cyberattackers accessed the names and addresses of British voters between 2014 and 2022.

At that time, there were 43 million people on the electoral register in England and Wales.

While the Electoral Commission stated that most of the data was publicly available anyway on the electoral roll, around 28 million people chose not to have their data freely available online, and their privacy was likely compromised.

Earlier, Prime Minister Rishi Sunak confirmed that the UK will do everything necessary to maintain its security and protect itself from the historic challenge posed by an increasingly influential China.

Sunak said: "We've been very clear that the situation now is that China is behaving in an increasingly assertive way abroad, authoritarian at home, and it represents an epoch-defining challenge, and also the greatest state-based threat to our economic security."

He stressed: "So, it's right that we take measures to protect ourselves, which is what we are doing."

Conservative MP Iain Duncan Smith, one of the British lawmakers targeted by the cyberattacks, said Beijing should be labeled a threat to the UK.

Smith is one of several British lawmakers on whom China imposed sanctions in 2021 due to their criticism of human rights violations against the Uighur minority in China and in Hong Kong.

In parallel, New Zealand said the Office of the Parliamentary Counsel, responsible for drafting and publishing laws, was also hacked around the same period.

New Zealand, traditionally a staunch supporter of China in the West, blamed the state-backed Chinese group for the attack.

Newly elected Prime Minister Christopher Luxon acknowledged that holding China, his country's largest trading partner, responsible for the attack was a big step.

New Zealand Foreign Minister Winston Peters also asked his staff to speak immediately to the Chinese ambassador to present the country's position and express its concerns.

Cyberattacks

In the past few years, Western countries have shown an increasing willingness to expose malicious cyberattacks and accuse foreign governments, especially China, Russia, North Korea, and Iran.

But China responded angrily to these accusations, and its embassies in London, Wellington, and Washington issued statements of condemnation.

The Chinese embassy in London said that the UK's exaggeration of the so-called baseless Chinese cyberattacks and the announcement of sanctions are outright political manipulation and malicious slander.

The embassy added that "China has never encouraged, supported, or condoned cyberattacks."

Likewise, the Chinese Embassy in Wellington issued a similar letter accusing the host country of making the wrong choice, and asserting that China is in fact a major victim of cyberattacks.

For his part, Chinese Foreign Ministry spokesman Lin Jian expressed his country's strong opposition to these accusations and strongly protested to the U.S. and concerned parties, warning that China will take the necessary measures to protect its legitimate rights and interests.

Britain and the U.S. had imposed sanctions on a company they said was linked to the Ministry of State Security and to hacking activities.

The U.S. Treasury Department said in a statement that the sanctions were imposed on the Wuhan Xiaoruizhi Science and Technology Company, as well as on two Chinese citizens.

The Chinese Ministry of State Security has emerged as the main department for anti-hacking operations after significant investment from the government.

This ministry — under the direct control of the Chinese leadership — is responsible for the People's Liberation Army, which has managed most of the operations to repel cyberespionage attacks issued by American companies, with the aim of stealing corporate secrets or Chinese defense designs.

Analysts believe that China's strategy has evolved recently, noting that its first goal is to find a way to deter Washington's military effort to help Taiwan if China decides to annex the island.