For information on the National Coordination Centre (NCC) in the Czech Republic, visit nkc.nukib.gov.cz/en.
Today saw the launch of the EU ICT Supply Chain Security Toolbox, a joint non-binding EU approach to assessing and mitigating cybersecurity risks in ICT supply chains. Building on an all-risks approach, the strictly actor- and technology-agnostic Toolbox identifies possible risk scenarios affecting ICT supply chains and, based on these, offers coordinated recommendations for risk assessment and mitigation. The recommendations concern, among other things, the promotion of multi-vendor strategies and reducing dependence on high-risk suppliers. The document also complements the implementation of Article 22 of the NIS2 Directive and can make it easier for Member States to harmonize their supply chain security management practices.
The Toolbox and its recommendations are primarily designed for public institutions of Member States, but can also be applied more broadly by the private sector. EU Member States and the wider community thus gain a practical guide to a structured solution to a long-term security problem. The Toolbox was adopted by the Network and Information Security Cooperation Group, which consists of representatives of EU Member States, the European Commission, and the European Union Agency for Cybersecurity (ENISA).
"Secure ICT supply chains are one of the key conditions for ensuring our resilience, not only in cyberspace, as the National Cyber and Information Security Agency has long been pointing out. The need to adopt a common approach to this issue was agreed upon by EU member states during the Czech Presidency of the Council of the EU in 2022. The Toolbox is thus a concrete result, building on the pioneering efforts of the Czech Republic and NÚKIB experts. It was also largely developed over three years by a team of representatives from across the EU, co-led by the Czech Republic," said NÚKIB Director Lukáš Kintr.
Along with the Toolbox, the Cooperation Group also adopted two coordinated risk assessments that already build on the Toolbox framework approach for two product groups:
Connected and autonomous vehicles (CAVs) – while connected and autonomous vehicles have security and energy advantages, they also pose a risk in terms of cybersecurity; the report therefore highlights the risks associated with connectivity, software updates, and the collection of large amounts of data (not only about the crew) in cloud systems. These vehicles and the data collected can then be misused by malicious actors.
Detection equipment used at borders and airports – the analysis highlights, among other things, the current dominance of a small number of non-EU suppliers, which leads to dependencies on one supplier and vendor lock-ins, and the absence of competitive European ones.
The non-binding Toolbox is the result of long-term work within the EU, and Member States are now invited to work on its application. An assessment of progress in its application, including lessons learned and challenges identified, will then take place next year.
Official Press Release of the European Commission: https://digital-strategy.ec.europa.eu/en/news/eu-launches-new-toolbox-strengthen-ict-supply-chain-security
ICT Supply Chain Security Toolbox and the risk assessments: https://digital-strategy.ec.europa.eu/en/library/toolbox-improve-ict-supply-chain-security
2026-02-13
The National Cyber and Information Security Agency (NÚKIB), together with the Military Intelligence Service, the National Centre for Counterterrorism, Extremism and Cybercrime, the United States and other partners, has joined a warning issued by the U.S. Federal Bureau of Investigation (FBI) about cyberattacks carried out by pro-Russian hacktivist groups targeting critical infrastructure.
Unlike advanced persistent threat (APT) actors, these groups use less sophisticated methods with lower impact. However, such attacks can still result in damage to the targeted systems. These groups often lack understanding of the processes they attempt to disrupt, which can lead to unintended consequences, including physical damage to systems.
Pro-Russian hacktivist groups mentioned in the warning include, for example, Cyber Army of Russia Reborn (CARR), Z-Pentest, NoName057(16), Sector16 and other affiliated actors. Regarding the group NoName057(16), which primarily focuses on DDoS attacks and has targeted Czech institutions and companies, NÚKIB has recorded 42 cyber incidents since 2023 — all of them DDoS attacks.
Pro-Russian hacktivists employ easily accessible and easily replicable tactics, which can contribute to a higher frequency of disruptions. These groups often carry out attacks through poorly secured, publicly accessible VNC connections, which they use to gain access to the control systems of operational technology (OT).
The advisory includes specific recommendations for owners and operators of OT systems — such as limiting OT device access to public networks, implementing robust authentication, configuring safe value ranges within systems, and regularly monitoring operational data.
This is historically the second Joint Cybersecurity Advisory related to Russian threats published in cooperation with U.S. partners. The advisory also serves as an example of the operational collaboration between NÚKIB and the United States in the area of information sharing and cyber threat analysis.
You can find the full text of the advisory here: Pro-Russia Hacktivists Conduct Opportunistic Attacks Against US and Global Critical Infrastructure | CISA
2025-12-11
The National Cyber and Information Security Agency (NÚKIB) supports the statement made by its partners in the United Kingdom, who draw attention to the malicious activities of the companies Anxun Information Technology (also "I-S00N") and Beijing Integrity Technology (also "Integrity Tech"), which operate in cyberspace and are based in the People’s Republic of China (PRC). These companies are part of a complex ecosystem of private entities in the PRC that, among other things, develop offensive tools for the local intelligence and security services and, with the knowledge of the PRC government, carry out operations against the Czech Republic and its allies. National security institutions and international organizations are increasingly coordinating their efforts to draw attention to China’s malicious activities.
Based on its own findings and information from domestic and foreign partners, NÚKIB has repeatedly warned against activities originating from this ecosystem, including those carried out by state actors. These activities pose a growing threat to the Czech Republic, as evidenced by the APT31 cyber campaign, which the Czech government publicly attributed to the PRC in 2025, as well as joint advisories prepared with foreign partners, particularly those from September 2025 focusing on the actor Salt Typhoon.
NÚKIB is therefore publishing its own analysis of I-S00N, which provides a detailed look at how it operates within the ecosystem of private companies whose malicious activities are enabled, supported, and exploited by the PRC. According to information leaked on the GitHub website, the Chinese company I-S00N was developing offensive cyber tools, including hardware tools for penetration testing, on behalf of Chinese state institutions. The named recipients of these tools include various local offices of the Chinese Ministry of Public Security, the Ministry of State Security, and the Chinese People's Liberation Army, and it is likely that the tools were also used by other institutions.
"This situation is supported by the legal and political environment in the PRC, which gives the government extraordinary control over the internet and technology companies. The Chinese Communist Party intervenes in all areas of society, including non-governmental organizations, state-owned and private enterprises, and branches of foreign companies. In addition, the state influences formally private companies through ownership shares known as 'Golden Shares' and mandatory party cells, which are established within companies under a 2013 law," said Martina Ulmanová, deputy director for Strategic Affairs and Engagement at NÚKIB. NÚKIB drew attention to the problematic legal and political environment in the PRC in a warning issued on September 3, 2025, among other things.
The PRC's support and use of malicious cyber activities by private entities violates UN standards for responsible state behaviour in cyberspace; the PRC is thereby acting in contravention of its international obligations and its own public statements.
The UK press statement can be found here: https://www.gov.uk/government/news/uk-clamps-down-on-china-based-companies-for-reckless-and-irresponsible-activity-in-cyberspace
2025-12-10
From November 19–21, Berta Jarošová, Cyber Attachée for the USA, visited San Antonio, Texas, to establish contacts and discuss opportunities for collaboration between the National Cyber and Information Security Agency (NÚKIB) and local institutions in the field of cybersecurity. The visit focused on sharing experiences in combating cyber threats, education and research cooperation. Discussions with representatives from government, private and research institutions in San Antonio, home to entities such as the National Cryptologic Center of the NSA, confirmed mutual interest in expanding cooperation in cybersecurity and further strengthening the partnership between the Czech Republic and the State of Texas in this strategic area.
The NÚKIB representative held talks with the newly established Texas Cyber Command, led by Admiral Timothy White, which has a similar role to NÚKIB in the state of Texas. The main topic was the sharing of experiences in building cybersecurity frameworks, managing cyber incidents and communicating with critical infrastructure entities. She also met with members of the Texas National Guard, with whom the Czech Army has a long-standing partnership within the State Partnership Program. Some of the National Guard members had previously participated in the Cyber Žižka cybersecurity exercise in the Czech Republic.
A key objective of the visit was to establish contacts with the University of Texas San Antonio (UTSA) and visit the National Security Collaboration Center. The NÚKIB representative met with the leadership of the Institute for Cyber Security and the Center for Infrastructure Assurance and Security to discuss opportunities for deepening collaboration between Czech and American researchers through joint projects, exchange programs or other educational activities. The Cyber Attachée also met with and discussed topics with high school students from the Institute for Cybersecurity & Innovation, which supports the next generation of cybersecurity experts.
"Texas is the state with the largest Czech diaspora in the United States and we share historical ties. The local expert community is very active. The creation of the Texas Cyber Command, which, despite its name, has functions very similar to those of NÚKIB, opens up new opportunities for cooperation. The University of Texas San Antonio also has a memorandum of cooperation with the Czech Technical University (ČVUT). UTSA has recently established the College of Artificial Intelligence, Cyber and Computing, which offers a chance to strengthen research cooperation specifically in the field of cybersecurity," said Jarošová.
The visit also included discussions on cooperation with Czech technology companies during a tour of Port San Antonio, a cutting-edge campus for the defense and industrial sectors that offers opportunities in technology testing, development and cybersecurity.
2025-12-08