(Bloomberg) -- China is likely using data from hacks of UK government institutions to build profiles of British military personnel and people in other sensitive roles as Beijing expands espionage against the US and its allies, government officials and cyber experts said.

State-backed hackers obtained the names, bank account details and in some cases addresses of thousands of British soldiers, sailors and air force pilots in a cyberattack on the payroll system of Britain’s Ministry of Defence, Defense Secretary Grant Shapps told the House of Commons on Monday. He declined to attribute blame, but said the UK cannot rule out the involvement of another state. Government officials earlier Tuesday attributed it to China. 

“This sensitive information could aid China in mapping the UK’s defense capabilities, as well as identifying potential targets for recruitment or coercion,” said Federico Charosky, founder and chief executive officer of Edinburgh, Scotland-based cybersecurity firm Quorum Cyber. “Personnel contained within the list will have access to classified information.”

The breach — which Shapps said affects as many as 272,000 people — came just weeks after the UK government accused Chinese state actors of accessing the personal information of some 40 million voters by hacking an electoral database, as well as a separate 2021 hack against British parliamentarians. The US, Australia and New Zealand have accused Chinese state actors targeting public institutions with cyberattacks in recent years. 

China on Tuesday rejected suggestions it’s involved. “We strongly oppose such accusations,” a spokesperson for the Chinese embassy in London said, describing them as “completely fabricated and malicious slanders.” 

It had “all the hallmarks of hybrid warfare,” said Luke de Pulford, director of the Inter-Parliamentary Alliance on China, a group which takes a hawkish stance on Beijing.

Charlie Parton, a former diplomat who worked nearly 40 years with the UK Foreign Office, mostly in China, said the incident fits the Chinese Communist Party’s pattern of targeting military service members from the Five Eyes intelligence sharing alliance of the U.S., the UK, Canada, Australia and New Zealand.

“The CCP has past form in attacking personnel data bases, the most egregious example being the hack of the US Office of Personnel Management,” he said, referencing the 2015 hack of more than 22 million records on U.S. government employees, including their applications for security clearances.

“China certainly sees the value in collecting treasure troves of personal data, which it will use to target military officers or civilian officials for intelligence approaches or further hacks to get at information,” said Parton, now a fellow at the Council on Geostrategy and the Royal United Services Institute think thanks in London. 

Shapps and Prime Minister Rishi Sunak both attributed the attack to a “malign actor.” The premier declined in a Sky News interview to blame it on China, saying more broadly that Britain’s policy to the Asian nation is “very robust.”

“They are a country with fundamentally different values to ours,” he said. “They’re acting in a way that is more authoritarian at home, assertive abroad.”

The string of high-profile cybersecurity incidents which Western officials have blamed on China puts the spotlight on what Beijing is trying to do with the information its actors are accused of obtaining. British ministers have been keen to stress that each of the recent cyberattacks had seen only relatively low-level personal information compromised, downplaying the level of immediate threat to individuals. 

Instead, China’s strategy appears to be to use a series of hacks a mass intelligence collection exercise, piecing together information from different databases and cross-checking it with publicly available social media profiles to produce analyses of British national security personnel, government officials and experts said.

The information could be used “to build a big picture of Ministry of Defense personnel,” said Don Smith, vice president of threat research at the cybersecurity firm SecureWorks. “It’s about making sure you understand your enemy. It’s got to be an objective for the Chinese state to understand the UK’s political, economic and defensive positions.”

China’s motivations could vary from gaining a better understanding of Britain’s military and intelligence capabilities, to trying to track the movements of personnel, as well as identifying people Beijing could approach for espionage purposes, officials said. Some 20,000 Britons had been contacted by Chinese state actors on LinkedIn with the aim of obtaining government and business secrets, Ken McCallum, the head of Britain’s domestic spy agency MI5 said last year.

Greg Levesque, chief executive officer of Utah-based Strider Technologies, a company that mines public records in China for clues about IP theft, said Chinese intelligence services are amassing a global repository of data on foreigners that’s being used to further Beijing’s strategic aims. 

Government agencies in China are using those datasets to “recruit scientists, corporate executives, and retired military or government personnel across the West,” he said. 

Fraud is another possible motive. The government was monitoring the dark web to see if the information by the hackers had been posted there for other criminals to access, government officials said.

Attention is also focusing on the role of third-party data services providers to government bodies, since the MoD payroll system was run by a private company. Shapps named the contractor that was hacked as SSCL, saying a security review is under way, and “appropriate steps will be taken.”

“Understanding what steps third party providers take to safeguard information is a critical part of cyber risk management,” said James Sullivan, cyber director at the Royal United Services Institute. “This appears to be a weak link for the MoD on this occasion.”

--With assistance from Ellen Milligan.

©2024 Bloomberg L.P.