National Cyber and Information Security Agency

NÚKIB has joined an international warning about pro-Russian hacktivist groups attacking critical infrastructure entities

National Cyber and Information Security Agency (NÚKIB), together with the Military Intelligence Service, the National Centre for Counterterrorism, Extremism and Cybercrime, the United States and other partners, has joined a warning issued by the U.S. Federal Bureau of Investigation (FBI) about cyberattacks carried out by pro-Russian hacktivist groups targeting critical infrastructure.

Unlike advanced persistent threat (APT) actors, these groups use less sophisticated methods with lower impact. However, such attacks can still result in damage to the targeted systems. These groups often lack understanding of the processes they attempt to disrupt, which can lead to unintended consequences, including physical damage to systems.

Pro-Russian hacktivist groups mentioned in the warning include, for example, Cyber Army of Russia Reborn (CARR), Z-Pentest, NoName057(16), Sector16 and other affiliated actors. Regarding the group NoName057(16), which primarily focuses on DDoS attacks and has targeted Czech institutions and companies, NÚKIB has recorded 42 cyber incidents since 2023 — all of them DDoS attacks.

Pro-Russian hacktivists employ easily accessible and easily replicable tactics, which can contribute to a higher frequency of disruptions. These groups often carry out attacks through poorly secured, publicly accessible VNC connections, which they use to gain access to the control systems of operational technology (OT).

The advisory includes specific recommendations for owners and operators of OT systems — such as limiting OT device access to public networks, implementing robust authentication, configuring safe value ranges within systems, and regularly monitoring operational data.

This is historically the second Joint Cybersecurity Advisory related to Russian threats published in cooperation with U.S. partners. The advisory also serves as an example of the operational collaboration between NÚKIB and the United States in the area of information sharing and cyber threat analysis.

You can find the full text of the advisory here:Pro-Russia Hacktivists Conduct Opportunistic Attacks Against US and Global Critical Infrastructure | CISA

NÚKIB Supports the UK in Calling Out Malicious Cyber Activities Used by Chinese Companies I-S00N and Integrity Tech

The National Cyber and Information Security Agency (NÚKIB) supports the statement made by its partners in the United Kingdom, who draw attention to the malicious activities of companies Anxun Information Technology (also "I-S00N") and Beijing Integrity Technology (also "Integrity Tech") operating in cyberspace and based in the People’s Republic of China (PRC). These companies are part of a complex ecosystem of private entities in the PRC that, among other things, develop offensive tools for the local intelligence and security services and, with the knowledge of the PRC government, carry out operations against the Czech Republic and its allies. National security institutions and international organizations are increasingly coordinating their efforts to draw attention to China’s malicious activities.

Based on its own findings and information from domestic and foreign partners, NÚKIB has repeatedly warned against activities originating from this ecosystem, including those carried out by state actors. These activities pose a growing threat to the Czech Republic, as evidenced by the APT31 cyber campaign, which the Czech government publicly attributed to the PRC in 2025, as well as joint advisories prepared with foreign partners, particularly those from September 2025 focusing on the actor Salt Typhoon.

NÚKIB is therefore publishing its own analysis of I-S00N, which provides a detailed look at how it operates within the ecosystem of private companies whose malicious activities are enabled, supported, and exploited by the PRC. According to information leaked on the Github website, Chinese company I-S00N was developing offensive cyber tools, including hardware tools for penetration testing, on behalf of Chinese state institutions. The named recipients of these tools include various local offices of the Chinese Ministry of Public Security, the Ministry of State Security, and the Chinese People's Liberation Army, and it is likely that the tools were also used by other institutions.

"This situation is supported by the legal and political environment in the PRC, which gives the government extraordinary control over the internet and technology companies. The Chinese Communist Party intervenes in all areas of society, including non-governmental organizations, state-owned and private enterprises, and branches of foreign companies. In addition, the state influences formally private companies through ownership shares known as "Golden Shares" and mandatory party cells, which are established within companies under a 2013 law," said Martina Ulmanová, deputy director for Strategic Affairs and Engagement at NÚKIB.  NÚKIB drew attention to the problematic legal and political environment in the PRC in a warning issued on September 3, 2025, among other things.

The PRC's support and use of malicious cyber activities by private entities violates UN standards for responsible state behaviour in cyberspace, thereby acting in contravention of its international obligations and its own public statements.

The UK press statement can be found here: https://www.gov.uk/government/news/uk-clamps-down-on-china-based-companies-for-reckless-and-irresponsible-activity-in-cyberspace

NÚKIB Visit to Texas Confirms Mutual Interest to Strengthen Cybersecurity Cooperation

From November 19–21, Berta Jarošová, Cyber Attachée for the USA, visited San Antonio, Texas, to establish contacts and discuss opportunities for collaboration between the National Cyber and Information Security Agency (NÚKIB) and local institutions in the field of cybersecurity. The visit focused on sharing experiences in combating cyber threats, education and research cooperation. Discussions with representatives from government, private and research institutions in San Antonio, home to entities such as the National Cryptologic Center of the NSA, confirmed mutual interest in expanding cooperation in cybersecurity and further strengthening the partnership between the Czech Republic and the State of Texas in this strategic area.

The NÚKIB representative held talks with the newly established Texas Cyber Command, led by Admiral Timothy White, which has a similar role to NÚKIB in the state of Texas. The main topic was the sharing of experiences in building cybersecurity frameworks, managing cyber incidents and communicating with critical infrastructure entities. She also met with members of the Texas National Guard, with whom the Czech Army has a long-standing partnership within the State Partnership Program. Some of the National Guard members had previously participated in the Cyber Žižka cybersecurity exercise in the Czech Republic.

A key objective of the visit was to establish contacts with the University of Texas San Antonio (UTSA) and visit the National Security Collaboration Center. The NÚKIB representative met with the leadership of the Institute for Cyber Security and the Center for Infrastructure Assurance and Security to discuss opportunities for deepening collaboration between Czech and American researchers through joint projects, exchange programs or other educational activities. The Cyber Attachée also met with and discussed topics with high school students from the Institute for Cybersecurity & Innovation, which supports the next generation of cybersecurity experts.

"Texas is the state with the largest Czech diaspora in the United States and we share historical ties. The local expert community is very active. The creation of the Texas Cyber Command, which, despite its name, has functions very similar to those of NÚKIB, opens up new opportunities for cooperation. The University of Texas San Antonio also has a memorandum of cooperation with the Czech Technical University (ČVUT). UTSA has recently established the College of Artificial Intelligence, Cyber and Computing, which offers a chance to strengthen research cooperation specifically in the field of cybersecurity," said Jarošová.

The visit also included discussions on cooperation with Czech technology companies during a tour of Port San Antonio, a cutting-edge campus for the defense and industrial sectors that offers opportunities in technology testing, development and cybersecurity.

The National Cyber and Information Security Agency of the Czech Republic Co-Seals Publications on Modern Defensible Architecture

The National Cyber and Information Security Agency of the Czech Republic Co-Seals Publications on Foundations for Modern Defensible Architecture, Modern Defensible Architecture for Senior Decision Makers and Investing in Modern Defensible Architecture with the Australian Signals Directorate and International Partners.

In addition to NÚKIB, the following entities also signed the documents: the Canadian Centre for Cyber Security (CCCS), National Cyber Security Centre of New Zealand (NCSC-NZ), Computer Emergency Response Team (JPCERT), National Cybersecurity Office (NCO) and National Police Agency (NPA) of Japan, National Intelligence Service of Republic of Korea (NIS) and Bundesamt für Sicherheit in der Informationstechnik, Germany (BSI).

The publication series consists of 3 publications:

Foundations for Modern Defensible Architecture - The Foundations are a baseline set of secure design and architecture activities that prepare organisations to adapt to current and emerging cyber threats and challenges. They provide a cohesive, logical approach for designing, building, maintaining, updating and enhancing digital systems. Each of the Foundations represents an organisational goal or capability that facilitates a more efficient adoption of zero trust architecture and technologies.

Modern Defensible Architecture for Senior Decision Makers - This guidance assists senior decision makers in understanding the contemporary threat landscape and how modern defensible architecture can support organisations to defend against current and emerging threats. This guidance also present key factors and questions senior decision makers should consider before investing in and implementing modern defensible architecture within their organisation.

Investing in Modern Defensible Architecture - This guidance is written for ICT Managers and Enterprise Architects to support them in developing a modern defensible architecture investment roadmap to present to those responsible for making cyber security and information technology investment decisions. This guidance enables readers to make informed decisions on investment opportunities and design considerations and gaps, and identify appropriate people, skills and technologies.

"I am pleased that NÚKIB could contribute to the third co-sealed series of documents led by the Australian Signals Directorate and international partners that focus on modern approaches to secure architecture design. These documents represent an important step toward enabling organizations to practically and proactively design and build IT environments that minimize risks to their most critical systems. The fundamentals of modern defensible architecture, as well as recommendations for decision-making and investment planning, are consistent with the long-term security standards promoted by NÚKIB," said Lukáš Kintr, Director of NÚKIB.

These publications on modern defensible architecture can be read here: https://www.cyber.gov.au/business-government/secure-design/secure-by-design/modern-defensible-architecture