Spy Agency Chief Warned House of Commons About Chinese Cyberattack More Than a Year in Advance

June 7, 2024 TruthUSA

The House of Commons was made aware of another cyber threat more than a year before the recent Chinese cyberattack on parliamentarians in 2021, according to a senior official from a spy agency who spoke to MPs.

Caroline Xavier, the chief of the Communications Security Establishment (CSE), revealed this information during her testimony before the House of Commons Standing Committee on Procedure and House Affairs on June 6. Testifying before the committee, she disclosed that the CSE had successfully thwarted a cyberattack attempt prior to the APT31 attack, providing technical details to the House of Commons IT security officials between January and April 2021.

The committee is currently investigating the 2021 incident where 18 parliamentarians were targeted by APT31, a Chinese hacker group. This attack was exposed in a U.S. indictment released in March, which charged seven Chinese nationals associated with the group for targeting U.S. and foreign businesses, political officials, and critics of Beijing for over 14 years.

Ms. Xavier mentioned that CSE had collaborated with the House of Commons and the Canadian Security Intelligence Service to prevent the compromise by the sophisticated actor mentioned. The House of Commons and Senate operate independently from the CSE and decide how to communicate with MPs and senators even after being informed of cyberattacks.

Information Sharing

In June 2022, CSE received a report from the U.S. Federal Bureau of Investigation detailing emails targeting individuals worldwide, including Canadian parliamentarians. This information was shared with the House of Commons IT administrators.

Related Stories

House Committee Begins Study of Chinese Cyberattack Against Lawmakers

Chinese Cyber Threat ‘Outpaces Other Nations,’ Spy Agency Says in Rare Public Warning

Conservative MP Garnett Genuis, one of the 18 parliamentarians targeted by APT31, raised concerns about the information-sharing process and why the government didn’t directly inform the affected members of parliament.

Rajiv Gupta from the Canadian Centre for Cyber Security explained that CSE reports usually come with caveats preventing further sharing of information without explicit authorization. Mr. Genuis criticized the process, questioning why it was complicated for the government to inform the affected MPs directly so they could take preventive measures.

Ms. Xavier acknowledged the need to learn from this incident to improve future responses.

Source link