Cyber Incident Victim: Petr Fiala
Date:
Apr 2025
Location:
Czechia
Summary
Czech Prime MinisterPetr Fiala's X account was accessed from abroad and used to publish false messages, including a claim that Russian forces had attacked Czech units near the Kaliningrad border and posts concerning responses to U.S. tariffs. The fraudulent content was removed, the account's regular activity resumed, and authorities launched an investigation into the breach, which affected the profile's 366,700 followers.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On Tuesday, April 8, 2025, the official X account of Czech Prime Minister Petr Fiala was compromised by an external actor operating from abroad, according to a statement from government spokesperson Lucie Michut Jesatkova. The breach resulted in the publication of several fake posts that appeared on the timeline of the account, which at the time had 366,700 followers. One of the fraudulent messages claimed in Czech that Russian forces had launched an attack on Czech military units near the Kaliningrad border, a statement that was later confirmed to be untrue. Additional fabricated posts in both Czech and English addressed the topic of responding to United States tariffs, presenting misleading information about the government’s position. The false content was detected quickly, and the spokesperson confirmed that the offending posts were removed from the account shortly after they were noticed. The spokesperson emphasized that the removed material did not reflect any official communication from the Prime Minister’s office. Reuters disseminated the information to its audience through its wire service.
Following the removal of the fraudulent messages, the Prime Minister’s office resumed posting regular content on the X account, indicating that normal communication had been restored. Lucie Michut Jesatkova told Reuters that the police had been notified and were investigating the origin of the attack, noting that the intrusion originated from outside the Czech Republic. The investigation is focused on identifying the perpetrators and determining how the account credentials were compromised. No further details about the investigative progress or potential suspects have been disclosed publicly. The incident confirms that the breach originated from outside the Czech Republic. The account’s follower count remained unchanged at 366,700, and no loss of followers was reported as a result of the temporary presence of the false posts. Authorities continue to monitor the account for any additional unauthorized activity while the investigation proceeds. The ongoing police investigation remains active, with no public timeline for its conclusion provided.