TYB
China’s UK election hack – how and why the Electoral Commission was targeted
A collage of computer themed images over binary numbers
In an article for The Conversation, Soraya Harding Senior lecturer in Cybersecurity Intelligence and Digital Forensics, examines the motivation and impact of China's alleged hacking of the UK Electoral Commission.
27 March 2024
The UK government has accused China of hacking the UK Electoral Commission, gaining access to information about millions of voters.
In the aftermath of the incident, the UK and US governments have sanctioned a company that is a front for the Chinese Ministry of State Security (MSS), Wuhan Xiaoruizhi Science and Technology, and affiliated individuals for their involvement in the breach and for placing malware in critical infrastructure.
The UK and many other countries have growing concerns over cyber operations that target national security, technological innovation and economic interests. China has been linked to state-sponsored cyber espionage activities for some time. Targets have included foreign governments, businesses and critical infrastructure.
While China is not inherently a threat to the UK, the two countries have a complex relationship that is characterised by both cooperation and competition. China has economic influence over the UK and the two compete on innovation. But China’s military ambitions, human rights record and reputation for covert influence campaigns require careful diplomatic and strategic management.
It’s not clear what precisely motivated the attack on the Electoral Commission but such attacks are generally linked to various strategic interests. States may target foreign electoral organisations with the aim of influencing election results or more generally to undermine democratic processes, including by damaging trust among voters. They may seek leverage with whatever information they gather, either economically or in terms of global positioning.
These activities are not unique to China. In a deeply connected and increasingly digitised world, many states are strategically motivated to engage in subterfuge of this kind.
How this kind of attack works
The US Cybersecurity and Infrastructure Security Agency (CISA) has already detailed the methods deployed by affiliates of the MSS in their cyber espionage. They systematically exploit vulnerabilities in software and systems, penetrating federal government networks and commercial entities.
Their approach demonstrates a deep understanding of cyber warfare and intelligence gathering and a high level of expertise. It’s clear that significant resources have been put at their disposal.
Central to their strategy is the active exploitation of vulnerabilities. They meticulously search for and take advantage of weaknesses across target systems and software. By identifying these security gaps, they manage to bypass protective measures and infiltrate sensitive environments, aiming to access and extract valuable information.
In gathering intelligence, these operatives scour publicly available sources – including the media and public government reports – to accumulate critical data on their targets. This could range from specifics about an organisation’s IT infrastructure and employee details to potential security lapses. Such intelligence lays the groundwork for highly targeted and effective cyberattacks.
>China’s UK election hack – how and why the Electoral Commission was targeted
Meanwhile, they scan for vulnerabilities in the system itself, uncovering essential details like open ports and the services running on them. This will include any software that may be ripe for exploitation due to known vulnerabilities.
The operatives then leverage all this information to gain unauthorised access. They exploit system flaws to induce unexpected behaviours, allowing for the installation of malware, data theft and system control.
The ultimate aim of these operations is the exfiltration of data, such as the names and addresses of British voters in the case of the Electoral Commission. They illicitly copy, transfer, or retrieve data from compromised systems, targeting personal information, intellectual property and government or commercial secrets.
The pencil is mightier than the keyboard
It was known by August 2023 that the Electoral Commission had come under attack but the suspects have only now been named publicly.
Despite the breach, the Electoral Commission claims that the core elements of the UK’s electoral process remain secure and that there will be “no impact” on the security of elections. This is in part because so much of the British system is paper based. People are processed by hand when they go to a polling station on election day, they use pencil and a paper ballot to vote, and their votes are counted by hand.
These factors make it very difficult to influence the outcome of a British election via a cyberattack, unlike in countries that use electronic voting machines or automated vote counting. Paper ballots and records, being tangible and physically countable, provide a verifiable trail. So even in the event of a cyber intrusion, the fundamental act of casting and counting votes remains untainted by digital vulnerabilities.
Stronger systems are still needed
The attack nevertheless raises questions about the effectiveness of existing monitoring and logging systems for detecting data breaches. The attack accessed not only the electoral registers but also the commission’s email and control systems. The data potentially accessed included UK citizens’ full names, email addresses, home addresses and phone numbers.
Nor is the commission the only target in the British political system. The National Cyber Security Centre (NCSC) assesses with a high degree of certainty that APT31, an advanced persistent threat group affiliated with the Chinese state, has engaged in reconnaissance activities targeting UK parliamentarians.
To secure its elections from cyber threats like those from APT31, the UK government is already improving the overall resilience of its elections cyberinfrastructure. It is working closely with the NCSC to identify threats and emerging trends. These efforts are likely to include regular security audits, penetration testing and the adoption of secure software development practices to ensure that systems are robust.
What’s perhaps most significant in the case of the Electoral Commission hack, however, is the fact that the UK government has called China out so explicitly. This is a strategy decided on with allies as a way of holding perpetrators more accountable.
Publicly attributing cyber attacks to specific state actors or groups sends a clear message that such activities are being monitored and will not go unchallenged. This strategy of transparency and accountability is pivotal in establishing international norms and expectations for state behaviour in cyberspace.
Soraya Harding, Senior lecturer in Cybersecurity Intelligence and Digital Forensics, University of Portsmouth
https://www.port.ac.uk/news-events-and-blogs/blogs/security-and-risk/chinas-uk-election-hack-how-and-why-the-electoral-commission-was-targeted
>China’s UK election hack – how and why the Electoral Commission was targeted
It's taken three years to recover from China hack, election watchdog says
8 September 2025
Joe TidyCyber correspondent, BBC World Service
Getty Images A woman and a young child wearing pink walk into a polling stationGetty Images
The UK's elections watchdog says it's taken three years and at least a quarter of a million pounds to fully recover from a hack that saw the private details of 40m voters accessed by Chinese cyber spies.
Last year, the Electoral Commission was publicly reprimanded for a litany of security failures that allowed hacking groups to spy undetected, after breaking into databases and email systems.
In the first interview about the hack, the commission's new boss admits huge mistakes were made, but says the organisation is now secure.
"The whole thing was an enormous shock and basically it's taken us quite a few years to recover from it," says chief executive Vijay Rangarajan.
"The culture here has changed significantly now partly as a result of this. It's a very painful way to learn."
The Electoral Commission oversees elections and regulates political finance in the UK to ensure the integrity of the democratic process.
Mr Rangarajan was not CEO when the hack happened but says that colleagues described the chaos of discovering the hackers as "feeling like you'd been burgled whilst still inside the house".
The hackers first breach was in August 2021, using a security flaw in a popular software programme called Microsoft Exchange. The digital hole was being exploited by suspected Chinese spies around the world and organisations were being warned to download a software patch to protect themselves. Despite months of warnings, the commission failed to do so.
Hackers had access to the full open electoral register containing the names and addresses of all 40m UK voters.
They could also read every email sent and received at the commission.
The criminals weren't found until October 2022 during a password system upgrade.
Vijay Rangarajan wears a white shirt with the top button open and a black blazer as he sits for an interview with a neutral expression
The Electorial Commission's new Chief Executive Vijay Rangarajan spoke to the BBC about the hack
Cyber security failures
Not keeping software up to date was one of several basic security mistakes made including having bad password practices, failing a basic government-run security audit and ignoring advice from the National Cyber Security Centre.
The Information Commissioner's office issued a formal reprimand to the Electoral Commission but if equivalent mistakes were made in a private sector breach it would likely have led to a large fine.
Mr Rangarajan says that as well as the reprimand, stakeholders including in parliament were shocked by the complacency and asked "what were you doing?"
No individual person has been publicly reprimanded for the security lapses.
There were six by-elections during the period that hackers were inside the commission's IT networks but there is no evidence that anything was affected by it.
However the commission says it still doesn't know what the hackers were doing or what information they may have downloaded.
Mr Rangarajan admits that the hackers could have caused major disruption if they have installed malicious software or hampered communications during an election.
"All of this could have caused us amazing problems. It was a dangerous thing to have happened," he said.
Chinese spies were blamed for the attack and received sanctions from British and US authorities. China has always denied any involvement.
Mr Rangarajan said staff at the time didn't seem to think the commission would be targeted by hackers. This was despite high profile elections interference cases like the 2016 US presidential election hack of Hilary Clinton's emails.
"I don't think everyone realised quite how much democratic systems and electoral systems were targets. We tended to be quite comfortable in the way we runs things. We now have to be really up to speed with the threats," he said.
The Electoral Commission was given grants of more then £250,000 to recover from the breach and now says it is spending significantly more of its budget on cyber security.
It has now passed the National Cyber Security Centre's Cyber Essentials certification – the audit that an insider told the BBC it had failed in the build up to the hack. It has also achieved Cyber Essentials Plus – the highest level of certification from the scheme.
US edition coming tomorrow per JS
Exclusive: Video shows Arizona center processing ballots in manner that alarmed Congress’ monitors
The visit by the congressional staffers sparked concerns about how Maricopa County and an outsourced third-party elections facility were handling 2024 election ballots.
By Steven Richards and John Solomon
Published: March 15, 2026 11:05pm
Article
Dig Deeper
Video footage captured by congressional observers shows a third-party election vendor in Arizona’s largest county processing live ballots and performing signature verification in 2024 far away from the official Maricopa County election center where bipartisan monitors witness such activities, a discovery that prompted the observers to file a formal report alleging “alarming” concerns.
The video obtained by Just the News depicts a visit by one Republican and one Democratic congressional staffer to a third-party printing company responsible for conducting signature verification on ballots during the 2024 election.
After that visit, the Republican staffer reported back to Congress in a memo, raising concerns about how the county and its third-party contractor were handling ballots, Just the News exclusively reported last week.
Storage and sorting ballots a serious issue, both parties say
The staffer said that completed mail-in ballots were stored in the same room as blanks and were sorted by a third-party printing company that had no government officials or partisan observers on site.
In the memo, that staffer, a Republican, described in detail his visit to the third-party contractor, Runbeck Election Services, which was hired by Maricopa County to sort mail-in ballots for signature verification in preparation for counting at the county’s main election site.
The Republican staffer was joined by his Democratic counterpart during the visit, who the staffer says shared similar concerns about what they observed at the facility, according to the memo delivered to the House Administration Committee. That's the legislative panel responsible for overseeing federal elections.
The video was recorded during a tour of the facility conducted by an individual that the staffer described as Runbeck’s CEO in the memo, which was separately reviewed by Just the News.
As the Republican staffer noted in his memo to the House committee, there appeared to be no bipartisan election observers at the facility and workers said that no county election officials were present either.
According to the Arizona Secretary of State’s website, election observers may “observe at a central counting place and at each point where ballots are handled or transferred from one election official to another.”
While the definition does not specifically include third-party sorting sites, observers are permitted to carry out their activity at “any other significant tabulation or processing activities at a central counting place.”
An agreement that Runbeck signed with state lawmakers in early 2024 stated the company agreed to allow political party observers to watch the sorting process in its Maricopa facility after Republicans raised concerns about the third-party contract after the 2022 election, Votebeat Arizona reported.
Neither Runbeck nor Maricopa County responded to renewed requests for comment from Just The News about the congressional staffers' visit to the Runbeck facility in 2024.
Workers are seen in the video feeding completed mail-in ballots in signature green envelopes through a machine that is supposed to conduct signature verification. The machine sorts those ballots, after which workers prepare them to be shipped back to the main Maricopa County elections facility across town
Runbeck workers man a ballot sorting machine.
Runbeck_video_1
The footage shows an industrial shelf nearby where incoming ballots from the 2024 election in Maricopa were stored in open USPS boxes, awaiting signature verification.
Image
2024 election ballots on a shelf in Runbeck warehouse.
2024 election ballots on a shelf in Runbeck warehouse.
Runbeck_video_1
The video shows that just steps away from where workers were conducting the signature verification process on completed ballots, the facility stored pallets of fresh ballots and green vote-by-mail envelopes.
Image
Pallets of ballots and envelopes stored in Runbeck warehouse.
Pallets of ballots and envelopes stored in Runbeck warehouse.
Runbeck_video_1
The video in its entirety can be viewed below:
https://justthenews.com/politics-policy/elections/new-video-inside-congressional-observers-visit-maricopa-county-ballot
>US edition coming tomorrow per JS
>China’s UK election hack – how and why the Electoral Commission was targeted
RINOs are scared
‘We’re going to have a problem’:Republicans want Trump to move on from 2020
Facing a difficult midterm landscape, there's a growing view in the GOP that revisiting election grievances risks distracting from the issues that matter most.
President Donald Trump speaks at a women's history month event in the East Room at the White House, Thursday, March 12, 2026, in Washington. (AP Photo/Julia Demaree Nikhinson)
President Donald Trump speaks at a women's history month event in the White House on March 12, 2026. | Julia Demaree Nikhinson/AP Photo
By Erin Doherty, Lisa Kashinsky and Andrew Howard03/16/2026 05:40 AM EDT
President Donald Trump is bringing back 2020. Many Republicans wish he wouldn’t.
Conversations with nearly a dozen GOP state and county chairs and strategists reveal a party largely eager to move on from relitigating Trump’s election grievances, which they’re worried may detract from an economic message that actually motivates voters. But the president won’t let it go, subpoenaing 2020 election records and putting pressure on lawmakers to pass legislation to overhaul voter registration laws.
As Republicans stare down a treacherous midterm landscape, there’s a growing view inside the party that focusing on “stolen election” claims and voter fraud will kneecap them in the general election: That messaging might play well with the MAGA base in the primary, but it could alienate moderates tired of rehashing an election from nearly six years ago.
“I’m always one to believe you should look forward, not backward,” said Charlie Gerow, a Pennsylvania-based GOP strategist and Trump convention delegate who hosted a meeting of fake electors in 2020 at his Harrisburg-based public affairs firm. “It would be better if the midterms focused on the recovery of the economy and all the good things the Republican administration and Congress are doing to move the economy forward.”
In recent weeks, Trump has turned his sights on Maricopa County — Arizona’s largest county — subpoenaing records just weeks after the FBI raided an elections office outside Atlanta. He has revisited grievances that the 2020 election was “rigged,” suggested Republicans should nationalize elections and is demanding that lawmakers make passing the SAVE America Act, which would put in place stricter voting requirements, their “No. 1 priority.”
“Part of me understands it, and part of me just wants to move forward,” said Todd Gillman, chair of the Monroe County Republican Party in Michigan.
“Focus on the things that matter to everybody throughout the whole country,” he said, “or we’re going to have a problem in a few months.”
Trump does have backing from a number of Republicans, including some battleground-state GOP chairs who are not only embracing the president’s election probe, but openly encouraging his administration to audit their states’ records as they continue to push allegations of fraud from 2020.
Bruce Parks, the chair of the Washoe County, Nevada, GOP, said he would “absolutely” welcome a probe into his county and Clark County, the two largest in the state. And Jim Runestad, the chair of the Michigan Republican Party, suggested a review of records in Detroit, long a focal point of Trump’s 2020 election conspiracies.
“There’s no problem at taking a look at this and making sure everybody’s comfortable,” Runestad said.
Still, others say the risk is that voters simply don’t care — or have moved on. Republicans, including Trump’s own advisers, increasingly want him to focus on the economy ahead of the midterms.
That comes as polling repeatedly shows that economic issues — not election issues — top voters’ list of concerns. In a February POLITICO Poll, more than half of all Americans — 52 percent — said the cost of living was a top issue facing the U.S. By comparison, less than a quarter — 23 percent — said a top issue was the U.S.’ democracy being under threat, a view held predominately by Democrats.
Those cost of living worries are now being exacerbated by Trump’s war in Iran, which is driving up gas prices and wreaking global economic havoc as it enters its third week.
The White House said Trump’s efforts are aimed at restoring confidence in elections and reiterated the importance of passing the SAVE Act.
“[Trump] is committed to ensuring that Americans have full confidence in the administration of elections, and that includes totally accurate and up-to-date voter rolls free of errors and unlawfully registered non-citizen voters,” spokesperson Abigail Jackson said in a statement.
>‘We’re going to have a problem’:Republicans want Trump to move on from 2020
Buzz Brockway, a GOP strategist and former state representative in Georgia, called election issues a “huge distraction,” adding: “Nobody outside of a small dedicated group are talking about this, they’re talking about the economy, they’re talking about, now, the price of oil.”
Watch: The Conversation
56:23
War, Trump and Washington’s Gridlock | Sen. Katie Britt
In Georgia, long an epicenter of Trump’s repeated efforts to litigate the 2020 election, some Republicans say voters are now largely “immune” to the issue that’s been rehashed endlessly for the past five years.
Some state-level GOP officials are hoping Congress passes the SAVE Act — despite the reluctance of many Republican lawmakers — so it will give them enough cover with MAGA voters but allow them to avoid talking about election issues themselves.
While Trump’s “stolen election” claims may still be a driving force for some primary voters, the general electorate is focused elsewhere. And if Republicans make those grievances central to their midterm message, they risk falling into a similar trap Democrats confronted during the 2024 presidential election — when former Vice President Kamala Harris’ warnings about democracy won over already loyal Democrats but failed to sway enough of the swing voters she needed to clinch the presidency.
“You’ve got to at least touch that base,” said one Georgia-based GOP strategist, granted anonymity to speak candidly. But “once you’ve got the nomination, then I think it really collapses down into economic issues.”
That dynamic can create a political conundrum for Republican candidates.
“A savvy Democrat will put a candidate on the spot and say, ‘You agree with [Trump], don’t you?’ and make a mess,” Brockway said. Republicans have “got to figure out a way to deflect that question somehow, in a plausible way that doesn’t alienate this loud minority.”
https://www.politico.com/news/2026/03/16/gop-trump-voter-fraud-messaging-midterms-00828317