Following the national attribution process, the Government of the Czech Republic has identified the People´s Republic of China as being responsible for malicious cyber campaign targeting one of the unclassified networks of the Czech Ministry of Foreign Affairs. The malicious activity, which lasted from 2022 and affected an institution designated as Czech critical infrastructure,  was perpetrated by the cyberespionage actor APT31 that is publicly associated with the Ministry of State Security.

An extensive investigation into the incident, which led to a high degree of certainty about the responsible actor,  was conducted jointly by the Security Information Service, Military Intelligence, Office for Foreign Relations and Information and National Cyber and Information Security Agency. 

The Government of the Czech Republic strongly condemns this malicious cyber campaign against its critical infrastructure. Such behavior undermines the credibility of the People´s Republic of China and contradicts its   public declarations. These activities are contrary to the norms of responsible State behaviour in cyberspace as endorsed by all UN Members. We call on the People´s Republic of China to adhere to these norms and principles, to refrain from such attacks and to take all appropriate measures  to address this situation.

The EU and its Member States and NATO Allies express solidarity with Czechia following this cyber attack.