Russia is being pointed to as among the potential culprits behind the hack targeting the elections watchdog.
The details of tens of millions of voters could have been accessed by hackers who targeted the Electoral Commission, the body confirmed this week.
While it said there was little risk that the cyber attack could be able to influence the outcome of a vote, it apologised for the breach in its systems.
Cyber security experts believe that the hack bears the hallmarks of a state-backed attack.
It is most likely that the reason for this intrusion, given the type of data accessed and the length of time the adversary had in the network, fits with a state-led cyber operation— James Sullivan, Royal United Services Institute
James Sullivan, director of cyber research at the Royal United Services Institute for Defence and Security Studies (Rusi), said that determining the perpetrator was currently just speculation.
But he said it was difficult to ignore the “usual suspects” of Russia and China.
“Most state-led cyber operations are conducted to gather intelligence and spy. And when we look at some of the data that has been accessed, there was no financial impact from this incident as far as we know.
“It is most likely that the reason for this intrusion, given the type of data accessed and the length of time the adversary had in the network, fits with a state-led cyber operation,” he said.
The attack, which was publicly confirmed on Tuesday, was identified in October 2022, but the hackers had first been able to access the commission’s systems in August 2021.
The hackers were able to access reference copies of the electoral registers, held by the commission for research purposes and to enable permissibility checks on political donations.
The registers held at the time of the cyber attack included the name and address of anyone in the UK who was registered to vote between 2014 and 2022, as well as the names of those registered as overseas voters.
But they did not include the details of those registered anonymously.
When we are looking at this, I think it is probably appropriate to look to the usual suspects of hostile actors— James Sullivan, Royal United Services Institute
The register for each year holds the details of around 40 million individuals, which were accessible to the hostile actors, although this includes people on the open registers, whose information is already in the public domain.
The National Cyber Security Centre said it had provided the commission with expert advice and support.
Mr Sullivan stressed that whoever carried out the attack has “plausible deniability” and currently only limited information is known about the hack.
But he warned: “When we are looking at this, I think it is probably appropriate to look to the usual suspects of hostile actors.
“We have seen that China conducts a lot of espionage like this… They are willing to conduct espionage where they sit in a network for a long period of time.
“Russia as we know conducts all sorts of cyber operations, from cyber crime to espionage.”
Mr Sullivan added: “The best conclusion we can draw to who conducted this is the fact the threat actor was willing to sit quietly in the network for a long period. That certainly tallies with the type of espionage activity that hostile state actors would carry out.”
The Rusi expert said the hack highlighted that “parts of the UK’s democratic process and institutions are targets for hostile actors, so we should all rightly be concerned about that”.
There are, he added, lessons to be learnt and stressed the need for organisations not to wait to fall victim to a cyber attack before moving to secure their systems.
More broadly, Mr Sullivan said it was important to be aware of the “psychological impact” of hacks on bodies such as the Electoral Commission.
They can, he said, “undermine trust and confidence in the system and electoral processes and that can be taken advantage of in a number of ways”.