Government knew about China hack on MPs two years before informing them
The Government learnt about a major Chinese hack on MPs two years ago but did not warn them until last month, i can reveal.
MPs were not told about attempts from a Chinese state affiliated group to hack their parliamentary accounts until March of this year despite the UK government being informed about the attempts in 2022, according to a leaked FBI document obtained by i.
Conservative, Lib Dem and SNP politicians, including former Tory leader Iain Duncan Smith, aired their frustrations after learning that they had been kept in the dark about the attack for almost two years.
The deputy prime minister, Oliver Dowden, announced that three MPs and one peer had been targeted by a Chinese state affiliated hacking group called “APT31” last month. The hack took place between 2021 and 2022 and is thought to have also impacted the Electoral Commission.
Ahead of the announcement, the targeted MPs – including China hawk Sir Iain, Lord Alton and SNP MP Stewart McDonald – were privately reassured in a briefing by Parliament’s head of security that only a small number of parliamentarians had been affected and the contaminated emails never made it to their inboxes.
It was later revealed by i that at least 30 UK parliamentarians were impacted but had not been warned by parliamentary security or the Government.
Now, a leaked, unclassified document from the US Department of Justice (DOJ) and FBI has revealed that the UK had been privately informed about the scale of the hack almost two years ago.
In a letter sent to affected European politicians last week, the US DOJ explained they had identified the cyber attack in 2022, but they were unable to contact foreign parliamentarians who were affected directly due to “sovereignty concerns”.
Instead, FBI officials “outlined the affected email accounts, described the nature of the campaign (tracking emails), attributed the activity to APT31, and provided the malicious APT31 sender accounts” in a briefing to the “host government” of those affected, including the UK.
The information was sent to UK law enforcement and intelligence agencies “as soon as it was discovered by the FBI”, according to the document.
When Mr Dowden made his announcement last month, he said the attempts were unsuccessful and only affected a handful of MPs.
He added that British intelligence concluded it was “almost certain” that Chinese state affiliated hacking group “APT31” had conducted the “malicious cyber campaign”. The Deputy Prime Minister said the group were “highly likely” to have been responsible for a major attack on the Electoral Commission between 2021 and 2022.
It is unclear why the full scale of the hacking attack was not revealed by Mr Dowden, and why Parliamentary security assured MPs the emails did not make it to their inboxes.
i has since seen emails from the domain in politicians’ inboxes.
MPs from across the house who were caught up in the hacking attempt are now calling for answers.
Tory MP Sir Iain Duncan Smith said the UK’s response to the attack was “breathtaking” and accused the Government of covering up the extent of the problem.
“Our Government seem desperate to avoid offending China, even when it attacks our own MPs,” he added. “Why has it taken the Americans to tell the Brits about this threat?”
Mr Duncan Smith was one of a handful of MPs who were privately told by parliamentary security that the emails never reached their inboxes. But the former Tory leader claimed politicians had found that the phishing attempts were still sitting in their inboxes today.
“They said you don’t need to search for the emails because they were all blocked,” he told i. “But there’s still MPs with the damn things sitting in their emails.”
In January 2021, the hack saw more than 1,000 emails sent to more than 400 Government email accounts belonging to members of the Inter-Parliamentary Alliance on China (Ipac), a global group of parliamentarians with hawkish views on China, according to the FBI document.
Parliamentarians in the group were sent infected emails from an account posing as a democracy-focused news website under the domain nropnews.com, i previously revealed.
The emails contained spyware hidden within the images in a spear-phishing campaign using pixel technology capable of stealing private data from users.
Founder of Ipac Luke De Pulford, a human rights campaigner, said politicians in France and Czechia were sent the same emails, and were “fully hacked” a few months later.
He told i: “It’s a shocking dereliction of duty to fail to warn MPs that they were targeted by a state sponsored hacking group.”
One of the targets, Lib Dem MP Layla Moran, said it was “incredibly concerning” that parliamentarians weren’t informed about the hack, adding the response was “symptomatic” of the Government’s “weak stance” on China.
“Given the kind of surveillance attack that was launched is often a precursor to a more invasive attack, parliamentarians like me who were targeted had a right to know we were at risk,” she told i. “Not only does this compromise parliamentarian’s security, it undermines our democracy.”
The SNP’s Alistair Carmichael said the saga will “colour how any pronouncement by the Government about China and our relations with her are seen”.
He told i: “Given the choice between maintaining the security of MPs and Parliament on the one hand and not offending the Chinese Government on the other, they have clearly chosen not to offend the Chinese Government.”
A US press release coinciding with the Government’s announcement in March referenced the widespread attack on Ipac, revealing there was evidence more than 400 individuals from across several governments were targeted by APT31.
The leaked FBI document states that US officials notified partners that the indictment would be unsealed, and in some cases the FBI “provided copies” of the sealed indictment.
US officials confirmed that the “official government accounts” of European legislators associated with Ipac were targeted and offered members a private briefing to answer any outstanding questions about the cyber attack, as well as providing “email hygiene tailored to APT31”.
The Foreign Office did not comment.