Cyber Incident Victim: Czech Republic
Date:
Sep 2018
Location:
Czechia
Summary
A major cyber attack targeting a key Czech government institution was attributed to a Chinese state actor or affiliated group by the nation's intelligence agency, which identified China and Russia as the primary cybersecurity threats. The foreign ministry faced repeated hacking attempts, with Russian military intelligence suspected in a separate incident. The intelligence report highlighted increased espionage activities by Russian and Chinese diplomats, citing Russia's large embassy presence and China's financial resources, prompting criticism from the Czech president who urged a focus on counterterrorism efforts instead.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
In 2018, a major cyber attack targeted a key Czech government institution, as confirmed by the Czech National Cyber and Information Security Agency (NUKIB) in its 2018 report released in September 2019. NUKIB attributed the attack to a state actor or affiliated group, identifying "a Chinese actor" as the most likely perpetrator. The agency did not disclose technical specifics of the attack vector, compromised systems, or operational impacts beyond characterizing it as a significant incident against critical government infrastructure. The report broadly assessed China and Russia as posing the greatest cybersecurity threats to the Czech Republic, noting persistent targeting of government entities including the foreign ministry. The Czech cabinet scheduled a discussion of these findings for the following Monday, with NUKIB spokesman Radek Holy confirming the report would remain confidential until that deliberation. This attribution followed an earlier June 2019 cyber attack on the Czech foreign ministry, which local media outlet Denik N had linked to Russian military intelligence (GRU) based on unspecified evidence.
NUKIB's 2018 assessment built upon its 2017 report, which documented increased espionage activities by Russian and Chinese diplomats operating within the Czech Republic. The agency cited Russia's substantial embassy presence in Prague and China's significant financial resources as enabling factors for these operations. The 2017 findings had drawn public criticism from Czech President Milos Zeman, who challenged NUKIB's focus on state-sponsored threats from these nations. Zeman urged the intelligence service to prioritize counterterrorism efforts against Muslim groups instead, reflecting his administration's geopolitical alignment with Beijing and Moscow. The 2018 report's release underscored ongoing tensions between Czech intelligence assessments and presidential foreign policy preferences regarding cyber threat prioritization. No technical remediation measures or diplomatic responses to the 2018 attack were disclosed in the available reporting.