The Czech government has publicly accused APT31, a Chinese state-linked cyber-espionage group, of infiltrating its foreign ministry’s networks in a years-long cyber campaign that officials say targeted critical infrastructure with “high certainty.”
In a rare and direct rebuke, Czech authorities said the attack was orchestrated by APT31, a well-known hacking unit tied to China’s Ministry of State Security (MSS). According to the Czech government’s statement on Wednesday, the intrusion began as early as 2022 and remained undetected for an extended period, compromising unclassified systems inside the Ministry of Foreign Affairs.
Prague Calls Out Beijing’s Cyber Operations
“The Government of the Czech Republic strongly condemns this malicious cyber campaign against its critical infrastructure,” the statement read. “Such behavior undermines the credibility of the People’s Republic of China and contradicts its public declarations.”
Prague also asserted that China’s actions violated international norms: “This activity is contrary to the norms of responsible state behavior in cyberspace as endorsed by all UN Members.” The government urged Beijing to cease such operations and take “appropriate measures” to prevent further incidents.
While the Czech statement didn’t disclose technical indicators or what sensitive data may have been accessed or exfiltrated, local reports suggest the compromised systems have since been isolated and rebuilt.
EU Backs Czech Republic, Condemns APT31 Activity
The European Union echoed the Czech Republic’s concerns, issuing a separate statement condemning the malicious behavior attributed to APT31. The EU warned that China-based cyber actors have escalated their activity against member states and called for restraint.
“We strongly condemn malicious cyber activities,” the EU said. “We call upon all states, including China, to respect international law and adhere to the UN norms and principles, especially those protecting critical infrastructure.”
The EU further stressed that no country should allow its territory to be used for malicious cyber operations.
APT31 — also known by aliases Zirconium and Judgment Panda — has long been a tool of Beijing’s cyber-espionage operations. The group has targeted political institutions, corporations, and think tanks across Europe, North America, and Asia. Their goal: to steal diplomatic communications, intellectual property, and sensitive government strategies.
In 2023, the U.S. and U.K. unsealed criminal charges and imposed sanctions against individuals linked to APT31. Authorities described the group as central to advancing China’s political and economic intelligence gathering, directly serving the MSS.
The U.S. Treasury’s Office of Foreign Assets Control (OFAC) also sanctioned APT31-linked hackers and a Wuhan-based tech company accused of fronting several MSS-backed cyber campaigns.
As global scrutiny grows around China’s cyber activities, the Czech Republic’s bold attribution adds to mounting pressure on Beijing to halt operations that violate international norms and threaten democratic institutions worldwide.
