Cyber Incident Victim: HZS Zlínského kraje
Date:
Mar 2025
Location:
Czechia
Summary
HZS Zlínského kraje experienced a cyber attack that led to immediate protective measures, including the adoption of an alternative communication system to preserve emergency response functions. The incident is being investigated by police cybercrime units and the National Cyber and Information Security Office, while IT specialists have isolated affected workstations to assess damage and begin system restoration. No additional information about the attack’s source or method has been disclosed.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 0 motives | 3 techniques |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
OnMonday morning, 24 March 2025, the fire brigade of Hradec and Zlín Region (HZS Zlínského kraje) became the target of a cyber attack. The organization immediately implemented necessary measures to ensure that emergency activities and operational procedures were not restricted. To maintain accessibility for citizens and the provision of assistance during emergencies, an alternative method of communication was introduced in the affected regions. The fire brigade stated that it was cooperating with the National Cybernetic and Information Security Office and the Czech Police to manage the incident.
Police confirmed that they had received a report of the cyber attack on the fire rescue service and that the case was being handled by the National Centre against Terrorism, Extremism and Cybercrime (NCTEKK), with an investigation underway. A police spokesperson noted that no further details would be provided while the investigation continued. IT specialists from the fire brigade disconnected the affected workstations from the network and began analysing the scope of the damage while working to restore the compromised systems. The fire brigade also reported that it was cooperating with the National Office for Cyber and Information Security (NÚKIB), whose spokesperson confirmed that the office was intensively dealing with the Monday attack on firefighters in the two regions. The NÚKIB spokesperson said that, at that time, she could not disclose the type of cyber attack, its origin, or whether the incident was limited to Monday.
The fire brigade stated that it did not wish to publish further information about the incident. Because the investigation is still ongoing, the involved agencies have refrained from releasing specific technical details about the attack vector, the systems impacted, or any potential data loss. As of the statements provided, the fire brigade had introduced an alternative method of communication in the affected regions to ensure that accessibility of HZS and the provision of assistance to citizens during emergencies were not compromised.