British MPs targeted by Chinese hackers are contesting government reassurances that an attempted cyber attack was unsuccessful, saying they have identified offending emails in their inboxes that should have been intercepted.

Members of the Inter-Parliamentary Alliance on China said on Monday that at least 10 politicians at Westminster had been able to identify messages sent by a hacking group, which they strongly suspected had extracted information once opened.

UK and US authorities confirmed last week that APT31, a Wuhan-based hacking group, had been responsible for attacks on the Electoral Commission, the British polling regulator, in 2021 and 2022. The group had also targeted around 32 British MPs, they said.

Luke de Pulford, executive director of IPAC, told the Financial Times that MPs had not been informed of the domain names the hackers may have used and were told that the attack had been unsuccessful.

They subsequently learned what the relevant web addresses were and in searching for them found so-called “tracker pixel” emails remaining on parliamentary servers.

“It was all downplayed to a point many find unacceptable,” de Pulford said. “If they had detected that information was being sent to China, it makes no sense that they would allow dozens of offending emails to stay on the parliamentary system for three years.”

These fresh claims made by MPs will add to growing pressure on the UK government to map out more concrete action in the face of state-sponsored attacks by China, despite the significant geopolitical and trade risks this might create.

Oliver Dowden, deputy prime minister, told MPs last week in a statement in the House of Commons that it was “almost certain” that APT31 had conducted reconnaissance activity against parliamentarians during a campaign in 2021.

Dowden added that the email campaign had been “entirely unsuccessful” and was blocked by parliament’s cyber security measures. He labelled the targeting of MPs “unacceptable”.

The UK government last week announced a narrow set of sanctions in response to the attack, instituting an asset freeze and travel ban on two members of APT31.

The Cabinet Office said on Monday: “No parliamentary accounts were successfully compromised in this targeting by APT31 in 2021. The campaign was successfully mitigated by parliament’s security department.”

IPAC, whose members are known for their hawkish stance on China, includes UK parliamentarians who have previously been sanctioned by the Beijing government.

Five affected MPs were briefed on the hack by parliament’s head of security last week. These included Nus Ghani, a minister in the Foreign Office, and the former Tory leader Sir Iain Duncan Smith, according to government officials.

MPs were briefed that offending emails were not in their inbox or on the parliamentary network, according to two people familiar with the matter.

The Chinese embassy in London has previously said: “The so-called cyber attacks by China against the UK are completely fabricated and malicious slanders. We strongly oppose such accusations.”

Targeted MPs were only able to identify relevant emails based on information shared by Samuel Cogolati, a Belgian MP, who was subject to a similar cyber attack in January 2021. The emails purported to be from a fake news website.

Tracker pixel emails are generally used by marketing companies to monitor engagement. Such emails can also be utilised by malicious state and non-state actors to extract location and device data to map out an intended target’s digital footprint ahead of a more serious cyber attack.

Stewart McDonald, a Scottish National party MP who was one of the subjects of the attack, said there was a “huge disparity” in the information being shared by UK and US authorities. “The government is saying these attacks weren’t successful and have been playing it down,” he said.

“I know of several colleagues who have now found these emails in their mailbox, and nobody from either parliamentary security or the government has contacted them,” McDonald added.

