Czechia Blames China for Ministry of Foreign Affairs Cyberattack

The Czech Republic has attributed a series of cyberattacks targeting its Ministry of Foreign Affairs and critical infrastructure organizations to the Chinese-backed APT31 hacking group. In a statement, the government condemned the malicious activity, which began in 2022, as "perpetrated by the cyberespionage actor APT31 that is publicly associated with the Ministry of State Security". The attacks have been described as a serious breach of international law and an attempt to undermine the credibility of China.

The Czech government's accusations are not new. In recent years, several European countries, including Finland and the United Kingdom, have also linked APT31 to high-profile hacking campaigns. In 2021, the United States and its allies blamed the Chinese MSS-linked APT31 and APT40 threat groups for an extensive hacking campaign that targeted over a quarter of a million Microsoft Exchange servers belonging to tens of thousands of organizations worldwide.

APT31, also tracked as Zirconium and Judgment Panda, has been linked to numerous espionage operations and is known for its involvement in the theft and repurposing of the EpMe NSA exploit years before Shadow Brokers leaked it in April 2017. Microsoft has observed APT31 attacks targeting high-profile individuals associated with Joe Biden's presidential campaign, while Google spotted them around the same time targeting "campaign staffers' personal email" accounts in phishing attacks.

The U.S. Treasury Department's Office of Foreign Assets Control (OFAC) sanctioned two APT31 operatives, Zhao Guangzong and Ni Gaobin, in March for their work as contractors for Wuhan XRZ, an OFAC-designated front company used by the Chinese MSS in attacks against U.S. critical infrastructure. They were also sanctioned by the United Kingdom for targeting U.K. parliamentarians, breaching the GCHQ intelligence agency, and hacking into the country's Electoral Commission systems.

Additionally, the U.S. Justice Department charged the two APT31 hackers, along with five other defendants, for their involvement in the operations of Wuhan XRZ over at least 14 years. The U.S. State Department is now offering rewards of up to $10 million for information about Wuhan XRZ and APT31 that could assist in locating and/or arresting any of the seven Chinese hackers.

European Union member states and NATO allies condemned the attack on Wednesday, asking China to adhere to the UN norms and respect international law. The Council of the EU stated that "malicious cyber activities linked to this country and targeting the EU and its Member States have increased" in recent years, and that it has repeatedly raised concerns during bilateral engagements.

The incident highlights the growing threat of state-sponsored hacking and the need for greater cooperation between countries to combat these threats. As the cyber landscape continues to evolve, it is essential for nations to work together to protect their critical infrastructure and prevent similar attacks in the future.
