The Czech Republic has taken a bold step in accusing the Chinese government of being behind a malicious cyber campaign that targeted the country's Ministry of Foreign Affairs. In a public statement issued on May 28, Czech authorities revealed that Beijing had sponsored cyber espionage actor APT31 to conduct the campaign and target one of the unclassified networks of the Ministry.

The campaign began in 2022 and affected an institution designated as critical infrastructure in the Czech Republic, according to four government agencies that investigated the incident. These agencies included the Security Information Service (BIS), Military Intelligence (VZ), the Office for Foreign Relations and Information (ÚZSI), and the National Cyber and Information Security Agency (NÚKIB).

The extent of the breach remains unverified, but the Czech government is calling on China to adhere to norms of responsible state behavior in cyberspace. The accusations are seen as a significant development, marking the first time the Czech Republic has officially attributed a cyber-attack to a nation-state actor.

"With today's move, we have exposed China, which has long been working to undermine our resilience and democracy," said Jan Lipavský, the Czech Foreign Minister. "Through cyber-attacks, information manipulation and propaganda, it interferes in our society – and we must defend ourselves against that."

Lipavský also summoned Chinese ambassador Feng Biao to discuss the incident. The EU and its Member States, as well as NATO Allies, have expressed solidarity with Czechia following this cyber-attack.

The North Atlantic Council, NATO's political executive body, has also condemned the malicious cyber activity targeting the Czech Republic, saying it is evidence of "the growing pattern of malicious cyber activities stemming from the People's Republic of China."

APT31, a cyber espionage group also known as Violet Typhoo, Bronze Vinewood, Judgment Panda, Zirconium and RedBravo, has been active since at least 2012. Several Western governments believe APT31 to be linked to China's Ministry of State Security (MSS). The group has been accused of stealing intellectual property, particularly targeting data that gives organizations a competitive edge.

Notably, APT31 has been behind several high-profile hacks in the past, including the 2021 breach of UK parliamentarians' emails. In March 2024, the US Department of Justice unsealed an indictment charging seven Chinese individuals associated with APT31 with conspiracy to commit computer intrusions and wire fraud.