Cyber Incident Victim: Česká tisková kancelář
Date:
Apr 2024
Location:
Czechia
Summary
An attacker compromised the publishing system account of a news website operated by Česká tisková kancelář, posting fabricated articles in Czech and English falsely claiming Slovakia's security service prevented an assassination attempt on its newly elected president. The fake content included a forged statement attributed to the Czech foreign minister and triggered mobile app notifications. The organization confirmed its core news distribution service remained unaffected, removed the false reports, and blocked further unauthorized access. The incident involved coordination with national security agencies and law enforcement. The targeted website publishes approximately 15% of the agency's full news service content, which remains available to clients through other channels.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 2 techniques |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On April 23, 2024, an unidentified attacker compromised the publishing system account of České noviny (ČN), a news website operated by Česká tisková kancelář (ČTK). The breach occurred during the morning hours, enabling the perpetrator to publish fabricated content on the ČN platform. Two false articles were posted: one carried the headline "BIS zabránila pokusu o atentát na nově zvoleného slovenského prezidenta Petra Pelligriniho" (BIS Prevented an Assassination Attempt on Newly Elected Slovak President Peter Pellegrini), while the other purported to be an emergency statement from Czech Foreign Minister Jan Lipavský regarding the same fictitious event. The attacker published both articles in Czech and English versions, accompanied by push notifications distributed through the ČN mobile application. ČTK confirmed these texts did not originate from its editorial operations and were never part of its official news service distributed to media and non-media clients. The compromised content remained visible until ČTK's intervention, after which the articles were deleted from the website and access controls implemented.
ČTK's primary news distribution service remained unaffected throughout the incident, as the attacker only breached systems associated with the České noviny website, which publishes approximately 15% of ČTK's total news output. The agency initiated containment measures by removing the fraudulent articles and blocking further unauthorized access to the publishing system. ČTK engaged multiple national security entities in response, including the Security Information Service (BIS), the National Office for Cyber and Information Security (NÚKIB), and law enforcement agencies. No technical specifics regarding the breach methodology or duration of unauthorized access were disclosed. The agency declined to provide additional details beyond confirming the incident's occurrence and its limited scope relative to ČTK's full news service operations, which continued undisrupted through alternative distribution channels including the Infobanka ČTK platform.