Cyber Incident Victim: Czech Parliament
Date: Jul 2025
Location: Czechia
Summary
An Asian cyber‑espionage group compromised the networks of about seventy organisations across more than thirty‑seven countries, including five national law‑enforcement and border‑control agencies, three finance ministries, the Czech Parliament and a senior elected official elsewhere. The attackers used tailored phishing emails and unpatched software flaws to gain entry, then monitored and exfiltrated email traffic, financial records and details of military and police operations. After a meeting between the Czech president and the Dalai Lama, the group conducted reconnaissance on Czech government targets such as the army, police, the legislative body and the foreign ministry, while also breaching Brazil’s ministry of mines and energy and probing systems in nations ranging from Germany to Indonesia. The campaign remained undetected for months in some victims, prompting alerts from US cyber‑security agencies and notifications to the affected organisations.
Description
Palo Alto Networks reported that an Asian cyber‑espionage group spent the past year infiltrating computer systems belonging to governments and critical infrastructure organisations in more than 37 countries, compromising the networks of approximately 70 organisations including five national law enforcement and border control agencies, three ministries of finance, one country’s parliament and a senior elected official in another nation. The attackers used highly‑targeted and tailored fake emails alongside known, unpatched security flaws to gain initial access, then maintained persistence for months to exfiltrate sensitive information such as email communications, financial dealings and details about military and police operations. Palo Alto Networks researchers confirmed that the group successfully accessed and exfiltrated data from some victims’ email servers, notified the affected organisations and offered assistance, while also naming certain victims in its public report. The US Cybersecurity and Infrastructure Security Agency acknowledged the campaign and stated it was working with partners to prevent further exploitation of the vulnerabilities identified in the report, although representatives of the FBI and CIA declined to comment and the NSA did not respond to requests for comment.

In July 2025, Czech President Petr Pavel met with the Dalai Lama, and in the subsequent weeks the hacking group conducted reconnaissance on Czech government targets that included the Army, the police, the Parliament and the Ministry of Foreign Affairs, according to the Palo Alto Networks report. The Czech National Cyber and Information Security Authority did not respond to a request for comment on the findings, and the Chinese Embassy in Prague previously dismissed allegations of attacks against the Czech Republic as unsubstantiated. The report also noted that the group’s activities coincided with various geopolitical events, such as diplomatic missions, trade negotiations, political unrest and military actions, which appeared to inform the timing and focus of their intrusion efforts. While the specific outcome of the reconnaissance against the Czech Parliament was not detailed in the source material, the group’s broader pattern involved compromising email servers and extracting sensitive data from the networks they accessed.

The attackers’ operations extended beyond Europe, with the Ministry of Mines and Energy of Brazil—a major holder of rare earth mineral reserves—being compromised, and suspected activity reported in Germany, Poland, Greece, Italy, Cyprus, Indonesia, Malaysia, Mongolia, Panama and additional countries. Palo Alto Networks indicated that the espionage‑motivated campaign allowed the actors to gather information on diplomatic issues, military and police operations and financial dealings, often remaining undetected for extended periods. The firm’s notification and assistance to victims, combined with the involvement of CISA and other international partners, constituted the primary response actions described in the available reports. No further details regarding containment, remediation or specific impact assessments for the Czech Parliament were provided in the source material.
