On 28 May 2025, the Government of the Czech Republic announced a national attribution of a malicious cyber campaign conducted by actor APT31, which is associated with the Chinese Ministry of State Security. Since at least 2022, this group has been attacking one of the unclassified networks of the Czech Ministry of Foreign Affairs.
‘As this institution is considered to be critical national infrastructure, NÚKIB together with all three Czech intelligence services conducted a comprehensive and thorough investigation. Its goal was to both identify the origin of the attack and, in cooperation with the Czech Ministry of Foreign Affairs, secure their compromised network and prevent similar incidents in the future,’ stated Lukáš Kintr, Director of the National Cyber and Information Security Agency (NÚKIB).
The conclusions of the analysis conducted by NÚKIB, Military Intelligence, the Office for Foreign Relations and Information, and the Security Information Service clearly indicate that the People’s Republic of China is behind this long-term malicious campaign, most likely through the actor APT31 (also known as Zirconium or Judgment Panda), which has been linked to numerous attacks against foreign political and other targets, among others, in EU and NATO countries.
The Czech Republic has also been cooperating with international partners in this area for a long time. Following intensive consultations, EU Member States and NATO Allies expressed solidarity with the Czech Republic in response to the revealed malicious campaign. Both organizations also unanimously called on the People’s Republic of China to behave responsibly and to adhere to the UN norms it had voluntarily committed to.
‘Cyber threats know no borders, and that is why international cooperation is such a key element of our response. It is an essential foundation of cybersecurity and of any effective defense against increasingly sophisticated cyberattacks. The serious, malicious activity we faced in this case reflects a repeated pattern of behavior by the Chinese group APT31, which had previously targeted our Allies. That is why we shared relevant information about the incident with our partners in the EU and NATO, but also with key partners in the Indo-Pacific, particularly through our network of cyber attachés. We deeply appreciate the cooperation and support we received from them,’ added the Director of NÚKIB.
Statement by the Government of the Czech Republic
Joint Statement by the EU
Joint Statement by NATO
Celá zpráva
2025-05-28