Cyber Incident Victim: City of Prague
Date:
Mar 2021
Location:
Czechia
Summary
A massive cyber attack targeted public administration systems in the City of Prague, prompting an immediate outage of the email system to contain the threat. The mayor confirmed servers survived with minimal damage, attributing data preservation to redundant storage and stating no backup recovery was necessary. The incident was reported to national cyber authorities, with affected organizations receiving support to mitigate impacts. While the Czech Ministry of Labour and Social Affairs also reported being targeted, preliminary assessments indicated no data leaks or system damage. National agencies highlighted serious vulnerabilities in Microsoft Exchange Server—previously exploited in other attacks—as a potential attack vector, noting prior warnings about urgent updates. This incident followed multiple recent cyber attacks against Czech state entities.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 2 techniques |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On March 5, 2021, Prague Mayor Zdeněk Hřib publicly disclosed a large-scale cyberattack targeting the city’s public administration systems via a Twitter announcement. The attack prompted an immediate shutdown of the email system to contain potential damage, though Hřib stated servers "survived" with minimal harm. Data integrity was preserved due to redundant storage practices, eliminating the need for backup restoration. By the following morning, email functionality was restored. Hřib indicated timely warnings were issued to city districts, suggesting coordinated defenses. The incident was reported to the Czech Republic’s National Cyber and Information Agency (NUKIB), with Prague pledging full investigative cooperation. Concurrently, Czech Labour and Social Affairs Minister Jana Maláčová confirmed her ministry was also targeted, though no specifics were provided. A ministry spokesperson stated no evidence of data leaks or system damage had been found during preliminary assessments.
NUKIB acknowledged assisting affected entities, including Prague and the ministry, but withheld details regarding attack scope or identities of compromised organizations. The agency linked the incident to actively exploited vulnerabilities in Microsoft Exchange Server, referencing prior advisories urging immediate patching—particularly for internet-exposed systems. NUKIB collaborated with the National Center against Organised Crime to mitigate damage. Microsoft had previously confirmed these vulnerabilities enabled remote email account access. While NUKIB did not attribute responsibility, the attack followed a pattern of cyber incidents targeting Czech critical infrastructure, including prior breaches at Prague Airport and healthcare facilities. No further technical specifics, attacker motives, or data compromise claims were substantiated in initial disclosures.