China suspected as UK Foreign Office confirms cyber attack

British government data has been stolen in a suspected Chinese cyberattack targeting the Foreign Office.

Trade Minister Chris Bryant confirmed the breach occurred in October, though he insisted the risk to individuals remains “low.”

The security gap was reportedly closed quickly after being detected by Foreign Office staff, but the incident has already been referred to the Information Commissioner’s Office.

While the government has not officially named a culprit, intelligence sources point toward a Chinese-affiliated group known as “Storm 1849.”

The hackers reportedly targeted systems operated by the Foreign Office on behalf of the Home Office. According to The Sun, the stolen information may include tens of thousands of sensitive visa details.

Cybersecurity experts have linked the incident to a sophisticated campaign called “ArcaneDoor.” First detected in 2024, this operation specifically targets government networks by exploiting vulnerabilities in network hardware.

“Chinese threat groups often target datasets that serve Beijing’s future interests,” noted Toby Lewis, head of threat analysis at Darktrace.

The timing is particularly awkward for Prime Minister Sir Keir Starmer. He is currently preparing for a landmark visit to Beijing next year – the first by a UK leader since 2018. Starmer has recently advocated for a “balanced” approach to China, arguing that the UK cannot ignore the superpower on trade and climate change. However, this latest breach underscores the “reality” of the national security threats he has acknowledged.

This is not an isolated incident. Last year, the UK blamed China for hacking the Electoral Commission, compromising the data of 40 million voters. GCHQ now devotes more resources to countering China than any other nation, describing it as a “defining force” in global technology and espionage.

Critics argue that ageing IT systems across Whitehall remain a major vulnerability. “Government departments need to invest in better digital defences because they will continue to be targeted,” warned Jake Moore, an advisor at ESET.

Experts suggest that as long as departments rely on “old IT,” state-sponsored actors will find ways to bypass safeguards.

The Chinese embassy in London has previously dismissed such claims as “malicious slander.” Beijing consistently denies any involvement in state-sponsored cyberattacks, maintaining that such accusations are fabricated.