UK Foreign Office victim of cyber-attack in October, says Chris Bryant

Chris Bryant said it was ‘not entirely clear’ if China was behind the attack on the UK’s FCDO. Photograph: Richard Baker/In Pictures/Getty

Minister says risk to ‘any individual’ from cyber-attack is low and that it is still unclear who is responsible

The UK’s Foreign, Commonwealth and Development Office was hacked in October, a minister has said.

Chris Bryant, a trade minister in Keir Starmer’s government, told Sky News there was a low risk to “any individual” from the cyber-attack.

Details of the hack emerged on Friday in a report by the Sun that claimed a Chinese hacking group was behind it.

But Bryant told broadcasters it was “not clear” who perpetrated the attack and cautioned against speculation. “There certainly has been a hack at the FCDO and we’ve been aware of that since October,” Bryant told Sky News.

The Sun named Storm 1849 as the Chinese group responsible for the breach, which it said was understood to possibly include tens of thousands of visa details. The group has been “accused of targeting politicians and groups critical of the Chinese government”, the newspaper said.

A government spokesperson told the Guardian: “We have been working to investigate a cyber incident. We take the security of our systems and data extremely seriously.”

Although little is known about Storm 1849, it has been linked to a hacking campaign named ArcaneDoor first detected in 2024. Its victims have included government networks, according to the US tech firm Cisco, which had its technology targeted in those attacks.

Cisco issued an updated alert about ArcaneDoor activity in late September, shortly before the Foreign Office hack reportedly took place. It has said the attacks have shown the hallmarks of a “sophisticated state-sponsored actor”.

Toby Lewis, the global head of threat analysis at the UK cybersecurity company Darktrace, said it would be “reasonable” to suggest the ArcaneDoor and Whitehall attacks might be linked.

“It would be fair to say these two things happened broadly at the same time and it would be a reasonable hypothesis to suggest they are linked,” he said.

Lewis added that Chinese state-backed actors are known to target large sets of data. In 2024 the government blamed China for a hack of the UK’s Electoral Commission, in which access was gained to the personal information of approximately 40 million people.

“We do see some Chinese threat groups targeting datasets that might serve a benefit to Beijing in the future,” said Lewis.

Bryant said the investigation could take “quite a long time” to identify the attacker.

He said: “We managed to close the hole, as it were, very quickly. There was a technical issue in one of our sites, I gather, and we’re fairly confident there’s a low risk of any individual actually being affected by this.

“I know that some of the reports have said potentially various things could happen. I think that’s a bit more speculation than is helpful. So I don’t want to scaremonger. We are on top of it. And also, it’s not entirely clear where this has come from. I know everybody’s speculating about that as well.”

Asked if China was behind the attack, Bryant said: “That’s not entirely clear.”