Cyber Incident Victim: Ministry of Foreign Affairs of the Czech Republic
Date: Jul 2025
Location: Czechia
Summary
An Asian cyber‑espionage group conducted an extensive spying operation that breached government and critical‑infrastructure networks in more than thirty countries, using tailored phishing emails and unpatched vulnerabilities to gather sensitive information. In the Czech Republic the attackers performed reconnaissance on the Army, police, Parliament and the Ministry of Foreign Affairs of the Czech Republic after a meeting between the Czech president and the Dalai Lama, exfiltrating emails and other confidential data from the compromised systems.
Description
In July 2025, Czech President Petr Pavel met with the Dalai Lama. In the following weeks, the hackers conducted reconnaissance on Czech government targets including the Army, police, Parliament and Ministry of Foreign Affairs, according to a Palo Alto Networks report. The attackers used highly targeted, tailored fake emails and known, unpatched security flaws to gain access to these networks. According to the report, they infiltrated the networks of seventy organisations across thirty‑seven countries. These victims included five national law enforcement and border control agencies, three ministries of finance, one country’s parliament and a senior elected official in another state. The intruders hoovered up sensitive information and spied on emails, financial dealings and communications about military and police operations. They also stole information about diplomatic issues and remained undetected in some systems for months.

Palo Alto Networks researchers confirmed that the group successfully accessed and exfiltrated sensitive data from some victims’ email servers. The company said it notified the victims and offered them assistance. The US Cybersecurity and Infrastructure Security Agency said it was aware of the campaign and was working with its partners to stop hackers from exploiting any of the vulnerabilities identified in the report. Representatives of the FBI and CIA declined to comment on the matter. The NSA did not respond to a request for comment. The Czech National Cyber and Information Security Authority did not respond to a request for comment on the report. The Chinese Embassy in Prague has previously rejected allegations about attacks against the Czech Republic as unsubstantiated.
