National Cyber and Information Security Agency - The National Cyber and Information Security Agency of the Czech Republic Co-Seals Publications on SIEM and SOAR Platforms with the Australian Signals Directorate and International Partners

27 May 2025

The initiative includes collaboration with international partners such as the United States’ Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA) and Federal Bureau of Investigation (FBI), the Canadian Centre for Cyber Security (CCCS), the National Cyber Security Centre of New Zealand (NCSC-NZ), the United Kingdom’s National Cyber Security Centre (NCSC-UK), Japan’s National Center of Incident Readiness and Strategy for Cybersecurity (NISC) and Japan Computer Emergency Response Team (JPCERT), the Republic of Korea’s National Intelligence Services (NIS), and Cyber Security Agency of Singapore (CSA).

The publication series consists of 3 publications:

Implementing SIEM and SOAR platforms – Executive guidance defines SIEM and SOAR platforms, explains their value and also their challenges, and provides high-level recommendations for implementing them. It is targeted at executives, but can be used by any organization that is considering whether and how to implement a SIEM and/or SOAR.
Implementing SIEM and SOAR platforms – Practitioner guidance provides high-level guidance for cyber security practitioners and describes how a SIEM/SOAR can enhance visibility, detection and response, as well as principles for procurement, establishment, and maintenance of those platforms.
Priority logs for SIEM ingestion: Practitioner guidance provides practitioners with detailed logging guidance for specific categories of log sources, such as from Endpoint Detection and Response tools, Windows/Linux operating systems, network devices, and Cloud deployments

“I am pleased that NÚKIB was able to contribute to the second co-sealed series of documents led by the ASD, particularly its focus on SIEM and SOAR platforms, technologies that are increasingly being adopted across the Czech Republic. The recommended principles reflect the long-standing security standards that NÚKIB has consistently promoted. It is essential for organisations to commit not only to initial investments in security technologies but also to continuous support for the people and processes that operate them. A SIEM or SOAR solution that is not ingesting relevant data, and is not actively monitored and tuned, is unlikely to detect or respond to threats effectively, “said Lukáš Kintr, Director of NÚKIB.

These publications demonstrate the collective effort of global partners to strengthen cybersecurity and protect critical infrastructure from evolving cyber threats. Read the publications here.

News

The Czech Government Has Publicly Attributed Cyberattacks to China: Actor APT31 Linked to the Chinese Ministry of State Security Has Targeted the Infrastructure of the Czech Ministry of Foreign Affairs

On 28 May 2025, the Government of the Czech Republic announced a national attribution of a malicious cyber campaign conducted by actor APT31, which is associated with the Chinese Ministry of State Security. Since at least 2022, this group has been attacking one of the unclassified networks of the Czech Ministry of Foreign Affairs.

‘As this institution is considered to be critical national infrastructure, NÚKIB together with all three Czech intelligence services conducted a comprehensive and thorough investigation. Its goal was to both identify the origin of the attack and, in cooperation with the Czech Ministry of Foreign Affairs, secure their compromised network and prevent similar incidents in the future,’ stated Lukáš Kintr, Director of the National Cyber and Information Security Agency (NÚKIB).

The conclusions of the analysis conducted by NÚKIB, Military Intelligence, the Office for Foreign Relations and Information, and the Security Information Service clearly indicate that the People’s Republic of China is behind this long-term malicious campaign, most likely through the actor APT31 (also known as Zirconium or Judgment Panda), which has been linked to numerous attacks against foreign political and other targets, among others, in EU and NATO countries.

The Czech Republic has also been cooperating with international partners in this area for a long time. Following intensive consultations, EU Member States and NATO Allies expressed solidarity with the Czech Republic in response to the revealed malicious campaign. Both organizations also unanimously called on the People’s Republic of China to behave responsibly and to adhere to the UN norms it had voluntarily committed to.

‘Cyber threats know no borders, and that is why international cooperation is such a key element of our response. It is an essential foundation of cybersecurity and of any effective defense against increasingly sophisticated cyberattacks. The serious, malicious activity we faced in this case reflects a repeated pattern of behavior by the Chinese group APT31, which had previously targeted our Allies. That is why we shared relevant information about the incident with our partners in the EU and NATO, but also with key partners in the Indo-Pacific, particularly through our network of cyber attachés. We deeply appreciate the cooperation and support we received from them,’ added the Director of NÚKIB.

Statement by the Government of the Czech Republic

Joint Statement by the EU

Joint Statement by NATO

Celá zpráva 2025-05-28