For information on the National Coordination Centre (NCC) in the Czech Republic, visit nkc.nukib.gov.cz/en.
On 10 July 2025 the National Cyber and Information Security Agency (NÚKIB) issued a WARNING regarding a cybersecurity threat associated with the use of products, applications, solutions, websites, and web services, including application programming interfaces (so-called APIs), provided by the company DeepSeek or any of its predecessors, successors, parent, subsidiary, or affiliated companies (hereinafter collectively referred to as ‘affected products’) on devices that access the information and communication systems of critical information infrastructure, information systems of essential services and important information systems. The Warning takes effect for obligated entities under the Act on Cyber Security from the moment it is published on NÚKIB’s official notice board.
Based on the issued Warning, entities obligated under the Act on Cyber Security must take the threat into account in their risk analyses and respond to the identified risks by implementing adequate security measures. The threat is rated as ‘High’, corresponding to a probability ranging from likely to very likely.
At the same time, we also recommend that the public carefully assess the use of the affected products, or alternatively, consider what kind of information they put into them. For so-called persons of interest, i.e. individuals in high political, public, or decision-making positions, we recommend refraining from using the affected products altogether. The issued Warning and the above-mentioned recommendations are in accordance with the Act on Cyber Security, which tasks NÚKIB, among other responsibilities, with ensuring cybersecurity prevention.
The primary security concerns stem from insufficient protection of data transmission and handling, from the collection of data types which, in greater volume, may lead to user de-anonymization, and lastly, from the legal and political environment of the People’s Republic of China to which the company DeepSeek is fully subject.
This Warning does not apply to security testing, research, or analysis of the affected products, nor to open-source large language models developed by the company DeepSeek, whose source code is publicly accessible and which are deployed locally, without any capability to communicate with servers used by the company DeepSeek or its related entities (i.e. predecessors, successors, parent, subsidiary, or affiliated companies).
‘In the analysis that led to this Warning, we relied on a combination of our own findings and information from our international partners. The affected products of the company X handle data in a way that may pose a security risk for entities falling under the Act on Cyber Security. In the context of the legal environment of the People’s Republic of China – which allows state authorities access to such data – these concerns are entirely justified. This is further confirmed by the recent public attribution of a cyberattack by the APT31 group, linked to China, against the Czech Ministry of Foreign Affairs. It shows that Beijing is prepared to act in direct contradiction to the interests of the Czech Republic,’ said NÚKIB Director Lukáš Kintr.
You can find the full text of the warning here.
Simultaneously with this Warning, the Government of the Czech Republic approved a resolution on 9 July 2025 concerning the affected products of the company DeepSeek, which will soon be available here. By this resolution, government members, ministries, and other central administrative authorities are instructed to ensure that their subordinate ministries and other administrative bodies do not use, in the execution of their duties, products, applications, solutions, websites, and web services (including APIs) provided by the company DeepSeek or any of its predecessors, successors, parent, subsidiary, or affiliated companies.
The ban applies to use of the aforementioned on any state-owned devices. According to Article IV, paragraph 4 of the Government’s Rules of Procedure, the obligation imposed by the resolution must be fulfilled within 30 days.
As with the NÚKIB Warning, this resolution does not apply to open-source large language models (LLMs) developed by the company DeepSeek, provided their full source code is publicly available for review and analysis and they are deployed locally without any capability to communicate with servers used by the company DeepSeek or its related entities.
2025-07-10
At the international security forum Globsec, held on Thursday, June 12, 2025, in Prague, representatives of the National Cyber and Information Security Agency (NÚKIB) and Microsoft signed a Memorandum of Understanding. The memorandum was signed on behalf of NÚKIB by its director Lukáš Kintr, and on behalf of Microsoft by Amy Hogan-Burney, Vice President, and Michal Stachník, General Manager of Microsoft Czech Republic and Slovakia.
This memorandum represents a significant step forward in developing cooperation between the public and private sectors in cybersecurity, contributing to the overall strengthening of the Czech Republic’s cyber resilience. It builds on the shared commitment of both NÚKIB and Microsoft to foster a safer and more resilient cyberspace. It also provides a framework for practical collaboration in areas such as sharing expertise, supporting education, and leveraging emerging technologies, including artificial intelligence, to defend against cyber threats. The memorandum further confirms the intent of both parties to engage in a regular dialogue and jointly enhance cybersecurity capacities.
‘Cooperation with technology leaders such as Microsoft is the key to strengthening the cybersecurity of the Czech Republic,’ emphasized Lukáš Kintr, Director of NÚKIB. ‘The signed memorandum sets a clear framework for knowledge sharing and joint threat response. It is another concrete step towards greater resilience of our state in cyberspace,’ he said, adding: ‘Protection against cyberattacks is not possible without trust and open communication. Timely information sharing and swift coordination have already prevented several attacks in the past. NÚKIB has long been building a community of people and institutions who see cybersecurity as a shared responsibility, and this collaboration is a clear example of that.’
Amy Hogan-Burney, Microsoft’s Global Director for Customer Security and Trust, praised the recent public disclosure of the cyberattack by a Chinese actor targeting the Czech Ministry of Foreign Affairs, and the open communication, which helps build trust – something she called vital in the current geopolitical landscape. She added: ‘Our goal is to share as much information as possible and to be transparent about attacks on our systems or those of our customers. It is very important that governments take the same approach. Only then can we effectively deter future attacks. I personally look forward to continuing our cooperation with you.’
Michal Stachník, General Manager of Microsoft Czech Republic and Slovakia, also highlighted the importance of long-term partnerships with strong institutions like NÚKIB. He mentioned today’s key geopolitical topics as well: ‘The signing of this memorandum builds upon our commitments to Europe, including the expansion of cloud and AI infrastructure aimed at strengthening digital sovereignty and economic competitiveness across the continent. Microsoft has also made a legal commitment to protect Europe’s digital resilience – even in the face of geopolitical pressures, including legal challenges against any attempt to disrupt services in Europe – and has reinforced its focus on compliance with European laws and data protection.’
2025-07-02
On 28 May 2025, the Government of the Czech Republic announced a national attribution of a malicious cyber campaign conducted by actor APT31, which is associated with the Chinese Ministry of State Security. Since at least 2022, this group has been attacking one of the unclassified networks of the Czech Ministry of Foreign Affairs.
‘As this institution is considered to be critical national infrastructure, NÚKIB together with all three Czech intelligence services conducted a comprehensive and thorough investigation. Its goal was to both identify the origin of the attack and, in cooperation with the Czech Ministry of Foreign Affairs, secure their compromised network and prevent similar incidents in the future,’ stated Lukáš Kintr, Director of the National Cyber and Information Security Agency (NÚKIB).
The conclusions of the analysis conducted by NÚKIB, Military Intelligence, the Office for Foreign Relations and Information, and the Security Information Service clearly indicate that the People’s Republic of China is behind this long-term malicious campaign, most likely through the actor APT31 (also known as Zirconium or Judgment Panda), which has been linked to numerous attacks against foreign political and other targets, among others, in EU and NATO countries.
The Czech Republic has also been cooperating with international partners in this area for a long time. Following intensive consultations, EU Member States and NATO Allies expressed solidarity with the Czech Republic in response to the revealed malicious campaign. Both organizations also unanimously called on the People’s Republic of China to behave responsibly and to adhere to the UN norms it had voluntarily committed to.
‘Cyber threats know no borders, and that is why international cooperation is such a key element of our response. It is an essential foundation of cybersecurity and of any effective defense against increasingly sophisticated cyberattacks. The serious, malicious activity we faced in this case reflects a repeated pattern of behavior by the Chinese group APT31, which had previously targeted our Allies. That is why we shared relevant information about the incident with our partners in the EU and NATO, but also with key partners in the Indo-Pacific, particularly through our network of cyber attachés. We deeply appreciate the cooperation and support we received from them,’ added the Director of NÚKIB.
Statement by the Government of the Czech Republic
2025-05-28
The initiative includes collaboration with international partners such as the United States’ Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA) and Federal Bureau of Investigation (FBI), the Canadian Centre for Cyber Security (CCCS), the National Cyber Security Centre of New Zealand (NCSC-NZ), the United Kingdom’s National Cyber Security Centre (NCSC-UK), Japan’s National Center of Incident Readiness and Strategy for Cybersecurity (NISC) and Japan Computer Emergency Response Team (JPCERT), the Republic of Korea’s National Intelligence Services (NIS), and Cyber Security Agency of Singapore (CSA).
The publication series consists of 3 publications:
Implementing SIEM and SOAR platforms – Executive guidance defines SIEM and SOAR platforms, explains their value and also their challenges, and provides high-level recommendations for implementing them. It is targeted at executives, but can be used by any organization that is considering whether and how to implement a SIEM and/or SOAR.
Implementing SIEM and SOAR platforms – Practitioner guidance provides high-level guidance for cyber security practitioners and describes how a SIEM/SOAR can enhance visibility, detection and response, as well as principles for procurement, establishment, and maintenance of those platforms.
Priority logs for SIEM ingestion: Practitioner guidance provides practitioners with detailed logging guidance for specific categories of log sources, such as from Endpoint Detection and Response tools, Windows/Linux operating systems, network devices, and Cloud deployments.
“I am pleased that NÚKIB was able to contribute to the second co-sealed series of documents led by the ASD, particularly its focus on SIEM and SOAR platforms, technologies that are increasingly being adopted across the Czech Republic. The recommended principles reflect the long-standing security standards that NÚKIB has consistently promoted. It is essential for organisations to commit not only to initial investments in security technologies but also to continuous support for the people and processes that operate them. A SIEM or SOAR solution that is not ingesting relevant data, and is not actively monitored and tuned, is unlikely to detect or respond to threats effectively,” said Lukáš Kintr, Director of NÚKIB.
These publications demonstrate the collective effort of global partners to strengthen cybersecurity and protect critical infrastructure from evolving cyber threats. Read the publications here.
2025-05-27