Cybersecurity officials at the UK Government and the National Cyber Security Centre assess network vulnerabilities following a breach linked to China-associated hacking group Storm-1849.

China-Linked ‘Storm-1849’ Hackers Breach UK Government Data, Operations Pause During National Holiday

The420 Correspondent

London: The UK government and cybersecurity experts have issued warnings after a China-linked hacking group, ‘Storm-1849’, infiltrated government networks and accessed sensitive data. The group’s nationality came to light when its operations temporarily paused during a Chinese public holiday.

According to industry analysts, Storm-1849 has targeted politicians, parliamentary staff, and organizations critical of the Chinese government, using phishing emails and cloud vulnerabilities to collect sensitive political information. The group earned the designation ‘Storm-1849’ after compromising a security company to establish long-term monitoring capabilities within government and defense networks.

Espionage Focused on Government and Critical Infrastructure

Experts note that Storm-1849’s attacks were not financially motivated, but aimed at espionage and surveillance. The group reportedly targeted government systems and financial institutions in the US, UK, and 12 other countries.

Jake Moore, a global cybersecurity adviser at ESET, explained, “This group specifically exploits weak network points to spy on communications and covertly monitor systems over time. Their operations represent a serious threat to governments and critical organizations worldwide.”

Chinese Holiday Confirms Origins

John Carberry of cybersecurity firm Xcape noted that Storm-1849 halted operations from October 1 to October 8, coinciding with China’s Golden Week, which celebrates the founding of the People’s Republic of China. This temporary pause provided a clear indicator of the group’s Chinese origin.

Reports indicate that the group has been actively targeting governments, defense organizations, and financial institutions since 2024.

Sensitive UK Data Accessed

During the breach, the UK’s Foreign Office and Home Office visa application records were accessed. Experts have warned that this data could have been used to monitor Hong Kong passport holders and political exiles residing in the UK.

Former government security adviser Robert Pritchard described the incident as a serious espionage operation, cautioning that the full impact of the breach may take considerable time to assess.

Impact on Companies and Technology Security

Cybersecurity firms Palo Alto Networks and Cisco confirmed that Storm-1849 also targeted their security infrastructure. Cisco stated that the same hackers were responsible for attacks against the company in 2024.

UK organizations, including the National Cyber Security Centre (NCSC) and the NHS, issued warnings that state-sponsored attackers were exploiting Cisco software vulnerabilities.

Government Response and Ongoing Investigation

A UK government spokesperson confirmed that the incident is under investigation and emphasized that the security of systems and sensitive data remains a top priority. Cybersecurity specialists noted that early disclosure of breaches can help other organizations strengthen defenses and prevent follow-up attacks.

Analysts caution that groups like Storm-1849 continue to exploit digital security weaknesses, highlighting the persistent cyber threat landscape facing the UK and other nations.
