Czech Republic Attributes Cyberattack on Ministry of Foreign Affairs to Chinese Actors

The Czech Republic has attributed a series of cyberattacks targeting the Ministry of Foreign Affairs and critical infrastructure to the Chinese-linked APT31 hacking group. This malicious activity, which commenced in 2022, has been identified as being perpetrated by a cyber-espionage actor closely associated with the Ministry of State Security of China.

The Czech government has issued a strong condemnation of this cyber campaign, describing it as a direct threat to the country’s critical infrastructure and branding such actions as damaging to the credibility of the People’s Republic of China and as contradicting its public declarations.

In response to these allegations, European Union member states and NATO allies have expressed their unified condemnation of the attack, urging China to adhere to United Nations norms and to demonstrate respect for international law.

Earlier this year, Finnish authorities confirmed that hackers identified as APT31 were responsible for a breach of the Finnish parliament in March 2021, which involved compromising multiple email accounts belonging to Finnish members of parliament.

In July 2021, the United States, in conjunction with its allies, officially blamed the APT31 and APT40 threat groups, affiliated with the Chinese Ministry of State Security, for an extensive campaign that targeted over 250,000 Microsoft Exchange servers globally, affecting tens of thousands of organizations.

According to the Council of the European Union, there has been an uptick in malicious cyber activities linked to China targeting EU member states. The Council noted that it had previously urged Chinese authorities to address these cyber threats and indicated that several member states have reported similar activities at their national levels. These concerns have been repeatedly communicated during bilateral discussions and will continue to be raised in the future.

APT31: Background and Sanctions

APT31, also known as Zirconium or Judgment Panda, has been linked to the Chinese Ministry of State Security and is notorious for numerous espionage operations. The group has been implicated in the theft and exploitation of the EpMe NSA exploit well before its public disclosure in April 2017.

Notably, Microsoft reported observing APT31 actively targeting high-profile individuals associated with the Biden presidential campaign four years ago, while Google recorded their efforts to compromise personal email accounts of campaign staffers through phishing attacks.

The U.S. Treasury Department’s Office of Foreign Assets Control sanctioned two operatives of APT31, Zhao Guangzong and Ni Gaobin, for their roles as contractors for Wuhan XRZ, a front company associated with attacks against U.S. critical infrastructure. These individuals have also faced sanctions from the United Kingdom due to their involvement in targeting UK parliament members and compromising the systems of the UK Electoral Commission.

In a broader effort to combat these cybersecurity threats, the U.S. Justice Department has charged the two APT31 hackers, along with five additional defendants, for their ongoing activities associated with Wuhan XRZ over at least 14 years. Presently, the U.S. State Department is offering rewards of up to $10 million for information that leads to the location and arrest of any of the identified APT31 hackers.