Spear-phishing attack against UK parliamentarians (2021-2022): Difference between revisions

From International cyber law: interactive toolkit
No edit summary
m (Added content; references needed to be properly formatted.)
Line 1: Line 1:
{| class="wikitable"
''This page is under construction....''
! scope="row" |Date
|2021-2022. [1]
|-
! scope="row" |Suspected actor
|Advanced Persistent Threat 31 (‘APT31’) – a hacker group allegedly affiliated with China. This is an official attribution made by the UK [1] and US [2]), whilst China has denied connection with APT31. [3]
|-
! scope="row" |Target
|The emails of UK parliamentarians, many of whom have been vocal about China’s ‘malign activity’, were subject to 'reconnaisance activity'. [4]
|-
! scope="row" |Target systems
|N/A
|-
! scope="row" |Method
|Spear-phishing; victims were sent malicious emails containing links designed to extract private details (i.e. passwords) in order to access private and sensitive information. [5] The US Department of Justice has alleged that APT31 used ‘hidden tracking links’ in these attacks, which extract the victim’s IP address, location, type of device and network schematics simply by opening the email itself. [2]
|-
! scope="row" |Purpose
|The UK’s National Cyber Security Centre has assessed that the extracted data would be used for political espionage and repression of Chinese dissidents and critics in the UK. [4] Lord Cameron, the then UK Foreign Secretary, characterised the attacks as an attempt to ‘interfere with UK democracy’. [1] The attacks can be viewed as part of a broader international campaign to silence critics of the Chinese government. For example, APT31 previously conducted cyber operations against groups and individuals perceived to be critical of the Chinese government, such as activists campaigning for democracy in Hong Kong and their associates there, in Norway and the United States. [2]
|-
! scope="row" |Result
|The UK stated that the threat had been successfully identified and neutralised by Parliament’s Security Department before any accounts could be compromised. [4]
|-
! scope="row" |Aftermath
|The UK summoned the Chinese Ambassador to the UK, and the Foreign Secretary spoke with Chinese Foreign Minister Wang Yi. [1] Sanctions were levied against Zhao Guangzong and Ni Gaobin, alleged members of APT31, as well as against Wuhan Xiaoruizhi Science and Technology Company Limited, which the UK claims is a front company for APT31. [1] Similarly, the US Department of Justice unveiled sanctions against Guangzong and Gaobin, as well as five other PRC nationals associated with APT31. [2]
|-
! scope="row" |Analysed in
|[[Scenario 02: Cyber espionage against government departments]]
|}
Collected by: [[People|Tom Davies]]'''References'''

[1] Foreign, Commonwealth & Development Office, ‘Press release: UK holds China state-affiliated organisations and individuals responsible for malicious cyber activity’ (25 March 2024).

[2] U.S. Department of Justice, ’Seven Hackers Associated with Chinese Government Charged with Computer Intrusions Targeting Perceived Critics of China and U.S. Businesses and Politicians’ (25 March 2024).

[3] Embassy of the People’s Republic of China in the Commonwealth of Australia, ‘Foreign Ministry’s Spokesperson’s Remarks’ (27 March 2024).

[4] UK National Cyber Security Centre, ‘UK calls out China state-affiliated actors for malicious cyber targeting of UK democratic institutions and parliamentarians’ (25 March 2024).

[5] UK Office of Financial Sanctions Implementation, Financial Sanctions Notice (WUHAN XIAORUIZHI SCIENCE AND TECHNOLOGY COMPANY LIMITED) (25 March 2024), page 6.
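
Review bot: The Suspected actor row has an unmatched closing parenthesis in "the UK [1] and US [2])", and the Target row misspells "reconnaissance" as 'reconnaisance'; both should be corrected in the wikitext. In "Collected by: [[People|Tom Davies]]'''References'''" the heading is run onto the credit line and needs a line break before it. The hand-numbered [1] to [5] markers and the plain-text list at the end will drift as soon as a source is added or reordered; converting them to ref footnotes, as the edit summary already anticipates, would fix that. Reference [2] also opens its title with a closing quotation mark (’Seven Hackers) where the other entries use ‘.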

Revision as of 15:53, 21 June 2024

Date: 2021-2022. [1]

Suspected actor: Advanced Persistent Threat 31 (‘APT31’) – a hacker group allegedly affiliated with China. This is an official attribution made by the UK [1] and US [2], whilst China has denied connection with APT31. [3]

Target: The emails of UK parliamentarians, many of whom have been vocal about China’s ‘malign activity’, were subject to ‘reconnaissance activity’. [4]

Target systems: N/A

Method: Spear-phishing; victims were sent malicious emails containing links designed to extract private details (i.e. passwords) in order to access private and sensitive information. [5] The US Department of Justice has alleged that APT31 used ‘hidden tracking links’ in these attacks, which extract the victim’s IP address, location, type of device and network schematics simply by opening the email itself. [2]

Purpose: The UK’s National Cyber Security Centre has assessed that the extracted data would be used for political espionage and repression of Chinese dissidents and critics in the UK. [4] Lord Cameron, the then UK Foreign Secretary, characterised the attacks as an attempt to ‘interfere with UK democracy’. [1] The attacks can be viewed as part of a broader international campaign to silence critics of the Chinese government. For example, APT31 previously conducted cyber operations against groups and individuals perceived to be critical of the Chinese government, such as activists campaigning for democracy in Hong Kong and their associates there, in Norway and the United States. [2]

Result: The UK stated that the threat had been successfully identified and neutralised by Parliament’s Security Department before any accounts could be compromised. [4]

Aftermath: The UK summoned the Chinese Ambassador to the UK, and the Foreign Secretary spoke with Chinese Foreign Minister Wang Yi. [1] Sanctions were levied against Zhao Guangzong and Ni Gaobin, alleged members of APT31, as well as against Wuhan Xiaoruizhi Science and Technology Company Limited, which the UK claims is a front company for APT31. [1] Similarly, the US Department of Justice unveiled sanctions against Guangzong and Gaobin, as well as five other PRC nationals associated with APT31. [2]

Analysed in: Scenario 02: Cyber espionage against government departments

Collected by: Tom Davies

References

[1] Foreign, Commonwealth & Development Office, ‘Press release: UK holds China state-affiliated organisations and individuals responsible for malicious cyber activity’ (25 March 2024).

[2] U.S. Department of Justice, ‘Seven Hackers Associated with Chinese Government Charged with Computer Intrusions Targeting Perceived Critics of China and U.S. Businesses and Politicians’ (25 March 2024).

[3] Embassy of the People’s Republic of China in the Commonwealth of Australia, ‘Foreign Ministry’s Spokesperson’s Remarks’ (27 March 2024).

[4] UK National Cyber Security Centre, ‘UK calls out China state-affiliated actors for malicious cyber targeting of UK democratic institutions and parliamentarians’ (25 March 2024).

[5] UK Office of Financial Sanctions Implementation, Financial Sanctions Notice (WUHAN XIAORUIZHI SCIENCE AND TECHNOLOGY COMPANY LIMITED) (25 March 2024), page 6.