Cyber Incident Victim: Czech Republic
Date:
Sep 2018
Location:
Czechia
Summary
Czech intelligence attributed a major cyber attack on a key government institution to a state-linked Chinese actor, identifying China and Russia as the primary cybersecurity threats. The foreign ministry was repeatedly targeted, with Russian military intelligence suspected in a separate breach. The intelligence agency reported heightened espionage activities by Chinese and Russian diplomats, citing China's financial resources and Russia's large embassy presence. This assessment drew criticism from the country's president, who urged a focus on counterterrorism instead.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
In 2018, a significant cyber attack targeted a key government institution within the Czech Republic, as confirmed by the country’s National Cyber and Information Security Agency (NUKIB). The agency’s 2018 report, disclosed in September 2019, attributed the attack to a state actor or a closely affiliated group, explicitly identifying a Chinese entity as the most probable perpetrator. While NUKIB did not publicly specify the exact nature of the compromised institution or the technical details of the intrusion, it emphasized the operation’s sophistication and alignment with state-sponsored tactics. The report further characterized China and Russia as the foremost threats to Czech cybersecurity, citing their sustained capabilities and strategic interests in the region. This assessment built upon NUKIB’s earlier warnings in its 2017 report, which documented intensified espionage activities by Russian and Chinese diplomats operating within Czech borders, facilitated by Russia’s large diplomatic presence in Prague and China’s substantial financial resources. The Czech Foreign Ministry emerged as a repeated target during this period, with a separate June 2019 intrusion linked by local media to Russia’s military intelligence unit (GRU), though NUKIB’s public statements focused primarily on the 2018 incident involving China.
The Czech government scheduled a cabinet discussion to review NUKIB’s findings on the Monday following the report’s initial disclosure, with the agency withholding full publication until that meeting. The disclosure of Chinese involvement drew immediate political attention, particularly from President Milos Zeman, who had previously criticized NUKIB’s focus on state-sponsored cyber threats from Russia and China. Zeman, known for his pro-Chinese and pro-Russian stances, publicly urged the intelligence service to prioritize countering Muslim terrorist activities instead of diplomatic espionage. The incident underscored persistent vulnerabilities within Czech governmental infrastructure and revealed ongoing tensions between intelligence assessments and political leadership regarding threat prioritization. No specific technical remediation measures or publicized containment actions related to the 2018 attack were detailed in the available reporting, though the agency’s continued public attribution reflected its assessment of the attack’s severity and origins.