The Czech government formally accused China of orchestrating a sophisticated cyberattack against its Ministry of Foreign Affairs, marking a significant escalation in diplomatic tensions between the two nations. Officials identified state-sponsored group Advanced Persistent Threat 31 (APT31), publicly linked to China’s Ministry of State Security, as responsible for the malicious cyber campaign that targeted Czech diplomatic communications and critical infrastructure.
The intrusion began in 2022 and persisted undetected for several months, coinciding with Czechia’s presidency of the Council of the European Union. Hackers gained access to unclassified email communications between the foreign ministry, Czech embassies, and EU institutions, conducting what officials characterized as cyberespionage focused on information theft. The attack targeted networks designated as Czech critical infrastructure, though investigators did not specify whether classified state secrets were compromised.
Czech security agencies, including the Security Information Service, Military Intelligence, and National Cyber and Information Security Agency, conducted an extensive investigation that reached a “high degree of certainty” regarding Chinese state involvement. The operation was detected while it was still under way, enabling authorities to implement mitigation measures and gather significant evidence before making public accusations.
The Czech Foreign Minister summoned China’s ambassador to address the attack and warned of potential consequences for bilateral relations. Government officials condemned the cyber campaign as a violation of international norms for state behavior in cyberspace, emphasizing the severity of attacks against diplomatic and critical infrastructure targets. The campaign combined traditional cyberattacks with manipulation and propaganda tactics to maximize its impact on Czech society.
EU and NATO allies expressed solidarity with the Czech position, and the European Union’s top diplomat called the incident an unacceptable breach of international rules. The timing during Czechia’s EU presidency heightened concerns about cyberthreats to member states during critical leadership periods, as hackers accessed communications with EU institutions, potentially affecting broader European diplomatic networks.
China denied involvement and accused other nations of targeting its networks. The incident prompted calls for improved cyber defense measures across EU diplomatic networks, underlining growing vulnerabilities in international diplomatic communications and the increasing sophistication of state-sponsored cyber operations targeting democratic institutions. Czech officials acknowledged this as the first national cyberattack they have formally attributed to a specific state actor.