Report alleges China-linked cyber intrusion at UK Foreign Office

The UK government is responding to a report that its computer systems were compromised earlier this autumn by a Beijing-linked hacking group.
The claim was reported by The Sun newspaper on Wednesday evening, which said a group known as Storm-1849 – also referred to by cybersecurity researchers as ArcaneDoor – accessed servers at the Foreign, Commonwealth and Development Office (FCDO) in October.
It alleges that the Chinese hackers may have obtained confidential material, including personal data connected to visa applications.
Trade Minister Chris Bryant confirmed to the BBC on Friday morning that government data has been stolen in an attack but that the risk to individuals is "low."
An FCDO spokesperson told Cybernews this morning that it was investigating a cyber incident, although it did not attribute it to a particular threat group.
"We have been working to investigate a cyber incident. We take the security of our systems and data extremely seriously."
FCDO spokesperson
While the government has classed the risk to citizens as low, security experts point out that such espionage intrusions are aimed at building intelligence profiles, understanding policy deliberations, or mapping government networks.
“The real risk isn't immediate financial harm to citizens, but rather long-term erosion of national security and diplomacy,” said Dray Agha, senior manager of security operations at Huntress.
“State-affiliated cyber operations are primarily about persistent, strategic intelligence gathering, not just immediate, disruptive attacks,” Agha added.
Dan Panesar, chief revenue officer at Certes, added, “Unlike commodity cybercrime, sophisticated state-linked actors have the resources and persistence to target, map, and extract high-value data for strategic advantage.
“Government systems often hold personal identifiers, internal communications, policy drafts, and operational details that can be exploited for espionage, geopolitical leverage, or future attacks.”
Dan Panesar, Certes
The threat group Storm-1849 has previously been identified by Western cybersecurity agencies as a China-linked espionage operation.
In March 2024, the UK government formally accused China of cyberattacks targeting MPs and the Electoral Commission, an incident that exposed data related to around 40 million voters and took several years to remediate.
Separately, cybersecurity firm Palo Alto Networks Unit 42 reported last month that Storm-1849 was attempting to exploit vulnerabilities in unpatched Cisco firewall devices used by government and public sector organizations internationally.
US security watchdog CISA ordered federal agencies to urgently patch affected systems.
UK security services have also issued warnings to parliament about Chinese state-linked actors seeking to cultivate relationships with MPs and parliamentary staff through professional networking platforms.
The reported UK Foreign Office incident comes amid broader concerns about the security of government databases following a recent cyberattack on France’s Interior Ministry, which French authorities said affected millions of records.
It also coincides with heightened diplomatic engagement between the UK and China. Prime Minister Keir Starmer is due to visit China in January, while the government is considering whether to approve a proposed Chinese embassy development in central London.