Chinese spies blamed for attempted hack on Czech government network

The Czech Republic on Wednesday accused the Chinese government of attempting to hack its Ministry of Foreign Affairs following an “extensive investigation” into the campaign, which it said began in 2022.

All three of Prague’s intelligence agencies and its cybersecurity agency assessed with “a high degree of certainty” that the cyber-espionage activity was perpetrated by APT31 — also tracked as Judgment Panda, Bronze Vinewood and RedBravo — which has been linked by Western governments to China’s Ministry of State Security.

Czech authorities said the malicious activity “affected an institution designated as Czech critical infrastructure.” They said the hackers had targeted one of the Ministry of Foreign Affairs’ unclassified networks, but did not confirm whether that network had been successfully breached.

Jan Lipavsky, the country’s foreign affairs minister, said the attribution was intended to expose China, “which has long been working to undermine our resilience and democracy. Through cyberattacks, information manipulation, and propaganda, it interfered in our society — and we must defend ourselves against that.”

Announcing that he had also summoned the Chinese ambassador to communicate to Beijing that “such hostile activities have a damaging impact on our bilateral relations,” Lipavsky added: “What matters most is that we detected the attackers during the operation itself and introduced a new communication system for the ministry that has significantly strengthened our security.”

Entities associated with the hacking group were sanctioned by the United States and United Kingdom last year and linked to China’s Ministry of State Security. At the time, the United States accused the group of targeting high-ranking government officials and critical infrastructure across the country.

According to British authorities, at the same time as the Chinese hacking group was targeting Czechia it was also conducting “online reconnaissance activity” against individuals in the House of Commons and House of Lords who had publicly criticized Beijing.

Lukáš Kintr, director of the National Cyber and Information Security Agency (NÚKIB), said: “The serious, malicious activity we faced in this case reflects a repeated pattern of behavior by the Chinese group APT31, which had previously targeted our allies.

“That is why we shared relevant information about the incident with our partners in the EU and NATO, but also with key partners in the Indo-Pacific, particularly through our network of cyber attachés. We deeply appreciate the cooperation and support we received from them,” added the NÚKIB director.

The attribution is the second time the Czech government has issued a public complaint to a foreign state over malicious cyber activity, following last year’s joint attribution with Germany about Russian cyber-espionage — which also involved Prague summoning the Russian ambassador.

The Czech announcement was supported by the European Union and NATO, with the EU’s high representative for foreign affairs, Kaja Kallas, calling out China and noting several member states have attributed similar activities to Beijing.

In a statement of solidarity, the North Atlantic Council — NATO’s political executive — said: “We strongly condemn malicious cyber activities intended to undermine our national security, democratic institutions and critical infrastructure,” and added: “We observe with increasing concern the growing pattern of malicious cyber activities stemming from the People’s Republic of China.”

In a statement from its embassy in the Czech Republic, China denied the allegations.