The government of the Czech Republic has publicly attributed recent cyberattacks targeting the country’s Ministry of Foreign Affairs and critical infrastructure organizations to APT31, a state-sponsored hacking group with ties to the Chinese government.
“The malicious activity, which began in 2022 and affected entities deemed part of the Czech Republic’s critical infrastructure, was conducted by the cyber-espionage group APT31, which is publicly linked to the Ministry of State Security,” officials declared.
“The Government of the Czech Republic strongly condemns this hostile cyberattack on vital national infrastructure. Such actions erode trust in the People’s Republic of China and stand in stark contradiction to its publicly stated commitments.”
The Czech Republic's allies have likewise condemned the intrusions, urging China to adhere to UN norms of responsible state behaviour in cyberspace and to respect international law. This incident is merely the latest in a series of sophisticated campaigns attributed to APT31.
Just two months ago, Finnish police confirmed that APT31 was behind the March 2021 breach of the Finnish Parliament, during which several email accounts—including those belonging to members of parliament—were compromised.
In July 2021, the United States and its allies formally accused Chinese-affiliated groups APT31 and APT40, both linked to the Ministry of State Security (MSS), of orchestrating a massive hacking operation that compromised over a quarter of a million Microsoft Exchange servers across tens of thousands of organizations worldwide.
“In recent years, we have witnessed an increase in malicious cyber activities linked to this country and directed against the EU and its member states. In 2021, we called on Chinese authorities to take decisive action against the malicious cyber operations originating from their territory,” stated the Council of the EU on Wednesday, May 28.
APT31—also known by the aliases Zirconium and Judgment Panda—has long been associated with China’s MSS and is notorious for a string of cyber-espionage operations. The group is known to have stolen and repurposed the NSA’s EpMe exploit years before it was leaked by the Shadow Brokers in April 2017.
Furthermore, APT31 has been implicated in large-scale surveillance campaigns, including interference in electoral processes in the United States and the United Kingdom, intrusions into governmental systems, and attacks on critical infrastructure. These activities have led to sanctions and criminal indictments against several group members in both nations.
Cyber espionage, now a weapon of geopolitical influence, increasingly violates not only national borders but the trust between nations. And as long as nation-states remain the architects of these incursions, calls for adherence to international norms may remain little more than diplomatic echoes in the shadow of an already unfolding silent cyberwar.