UK calls out China state-affiliated actors for malicious cyber targeting of UK democratic institutions and parliamentarians


The UK government has called out China state-affiliated actors for carrying out malicious cyber activity targeting institutions and individuals important to UK democracy.


  • GCHQ’s National Cyber Security Centre assesses China state-affiliated actor APT31 was almost certainly responsible for targeting UK parliamentarians’ emails in 2021.
  • The compromise of the UK Electoral Commission’s systems has also been attributed to a China state-affiliated actor in a separate instance of malicious activity.
  • Organisations and individuals involved in democratic processes urged to follow NCSC advice to bolster their security in face of cyber threats.
  • The National Cyber Security Centre – a part of GCHQ – assesses that the China state-affiliated cyber actor APT31 was almost certainly responsible for conducting online reconnaissance activity in 2021 against the email accounts of UK parliamentarians, most of whom have been prominent in calling out the malign activity of China.

Separately, the compromise of computer systems at the UK Electoral Commission between 2021 and 2022 has also been attributed to a China state-affiliated actor. The NCSC assesses it is highly likely the threat actors accessed and exfiltrated email data, and data from the Electoral Register during this time.

The data, in combination with other data sources, would highly likely be used by the Chinese intelligence services for a range of purposes, including large-scale espionage and transnational repression of perceived dissidents and critics in the UK.

To help bolster the UK’s cyber resilience, the NCSC has today published updated guidance in its Defending Democracy collection for political organisations – such as parties and thinktanks – and organisations coordinating the delivery of elections, with advice on how to reduce the likelihood of cyber attacks.

Paul Chichester, NCSC Director of Operations, said:

“The malicious activities we have exposed today are indicative of a wider pattern of unacceptable behaviour we are seeing from China state-affiliated actors against the UK and around the world.

“The targeting of our democratic system is unacceptable and the NCSC will continue to call out cyber actors who pose a threat to the institutions and values that underpin our society.

“It is vital that organisations and individuals involved in our democratic processes defend themselves in cyberspace and I urge them to follow and implement the NCSC’s advice to stay safe online.”

The cyber campaign against the parliamentary email accounts of members across both Houses of Parliament was identified and successfully mitigated by Parliament’s Security Department before any accounts could be compromised.

The compromise of systems at the UK Electoral Commission was made public last year after steps had been taken to remediate and recover, with support from the NCSC.


The publication of new Defending Democracy guidance follows the release of fresh advice for high-risk individuals published in December.

The newly issued guidance for political organisations offers advice to help IT practitioners implement security measures that will help prevent common cyber attacks. These include: putting controls in place to defend against spear-phishing and DDoS attacks and setting up multi-factor authentication on cloud- and internet-connected services.

Meanwhile the guidance for organisations involved in coordinating elections, such as local authorities, advises on steps to take to protect electoral management systems.

The NCSC has previously warned about the threat from China state-linked cyber capabilities, including from APT31 which was previously linked to the Chinese Ministry of State Security in 2021 following compromise of Microsoft Exchange Server.

More recently, the NCSC has warned about China state-sponsored actors using living off the land techniques to evade detection on compromised critical infrastructure networks.

The UK government attribution statement can be read on GOV.UK.