Downing Street is looking at whether China, Iran or North Korea was behind a cyber attack which exposed the data of up to 40 million British voters.
The Telegraph understands security services are widening the net in the search for the “hostile actors” who hacked the Electoral Commission database. Russia remains a prime suspect but ministers are not ruling out the involvement of another state that may wish to undermine British democracy.
One source said the UK was in a “grey zone” cyber conflict with Russia, Iran, China and North Korea, adding that they were all “testing our defences”. They added that the Government was constantly beefing up the country’s digital defences and that other Western nations are also being targeted.
The Electoral Commission revealed on Tuesday that it had been the victim of a “complex cyber attack” and said it had called in experts from GCHQ.
The watchdog, which holds the personal data of around 40 million voters, said it was unlikely that the breach could be used to influence the next election.
But there are security fears that the personal details like names and addresses of vulnerable and high-risk groups have been accessed by foreign powers.
The Telegraph revealed on Tuesday that UK intelligence services had found evidence that linked the attack on the Electoral Commission to Russians. It is understood that security experts also found signs that ransomware, which can block users from accessing files, had been found on its system.
Sir David Omand, a former director of GCHQ, told the BBC that Russia was “first on my list of suspects” who may have carried out the cyber attack.
Sir Richard Dearlove, the former head of MI6, agreed and told The Telegraph that: “Russia would be at the top of the suspects list by a mile.”
Too early to ‘pin the blame’
But James Sullivan, from the Royal United Services Institute, a defence and security think tank, said it was too early to definitively pin the blame on Moscow for the attack. He said: “When we are looking at this, I think it is probably appropriate to look to the usual suspects of hostile actors.
“We have seen that China conducts a lot of espionage like this. They are willing to conduct espionage where they sit in a network for a long period of time. Russia, as we know, conducts all sorts of cyber operations, from cyber crime to espionage.”
The breach was first detected by security experts last October, at which point they realised that hackers had been able to access the system since August 2021.
They were able to access the details of all those who were in the system between 2014 and last year, as well as the names of those registered as overseas voters.
But those people who registered anonymously, meaning that their details were not made publicly available, were not impacted by the leak, the watchdog said.