The Czech Republic has formally accused a threat actor linked to the People’s Republic of China (PRC) of orchestrating a cyber intrusion into its Ministry of Foreign Affairs, raising concerns over state-sponsored espionage and national security implications. This accusation was made public on Wednesday, as Czech officials highlighted the targeting of one of their unclassified networks, although the full extent of the breach remains unclear.
In a statement by the government, officials detailed that the malicious campaign has been ongoing since 2022, affecting what they described as critical infrastructure for the Czech Republic. They called this behavior detrimental to the credibility of China and in direct contradiction to its public affirmations regarding responsible state conduct in cyberspace. The Czech government emphasized that such actions are against the norms that are generally endorsed by members of the United Nations.
The attack has been attributed to a state-sponsored hacking group known as APT31, which has been active since at least 2010. This group is also associated with various aliases such as Bronze Vinewood and Judgement Panda. The U.S. Department of Justice (DoJ) asserts that this group employs diverse tools and techniques to infiltrate target networks and often utilizes public code-sharing platforms to mask its command and control traffic. Reports suggest that APT31 primarily targets organizations within government or defense supply chains.
Recent moves by the DoJ to indict several alleged hackers affiliated with APT31 emphasize the ongoing threat posed by this group, which reportedly launched notable cyber espionage operations against critics of the Chinese government and other political entities. Earlier this year, the group was implicated in a cyberattack against the Finnish Parliament, further illustrating its ability to strike at key governmental institutions across Europe.
The Czech Republic’s government has condemned the reported cyber activities, urging the PRC to adhere to international cybersecurity norms. The atmosphere is tense as European nations grapple with the increasingly sophisticated tactics used by Chinese state-sponsored actors, leading to calls for enhanced cooperation among Western nations regarding cybersecurity defenses.