The Czech Republic summoned China’s ambassador on Wednesday after saying Beijing was responsible for a “malicious cyber campaign” targeting a network used for unclassified communication at the Foreign Affairs Ministry.
The attacks have been ongoing since 2022 and were perpetrated by the cyber espionage actor APT31, which the Czech Republic, an EU state and NATO member, said was publicly associated with the Chinese Ministry of State Security.
“I summoned the Chinese ambassador to make clear that such hostile actions have serious consequences for our bilateral relations,” Foreign Minister Jan Lipavsky said on social media platform X.
“We call on the People’s Republic of China to… refrain from such attacks and to take all appropriate measures to address this situation,” said the ministry. Lipavsky added that “we detected the attackers during the intrusion”.
China singled out a security threat
The Czech Security Information Office (BIS) singled out China as a threat to security in its 2024 annual report.
“The Chinese embassy logically focuses on gaining information about the Czech political scene,” the BIS said.
Meanwhile, the government added in a statement that it “strongly condemns this malicious cyber campaign against its critical infrastructure.”
EU member states have increasingly been the target of cyber attacks from China in recent years and China should do more to prevent them, the European Union said on Wednesday.
“States should not allow their territory to be used for malicious cyber activities,” EU foreign policy chief Kaja Kallas in a statement.
“We call upon all states, including China, to refrain from such behavior,” she said.
NATO also slammed the attack, saying it observed “with increasing concern the growing pattern of malicious cyber activities stemming from the People’s Republic of China”.
“We remain committed to expose and counter the substantial, continuous and increasing cyber threat, including to our democratic systems and critical infrastructure.”
Prague’s close ties to Taiwan angers China
Prague has recently angered Beijing by fostering close ties with Taiwan as high-profile Czech delegations, including the parliament speaker, have visited the island while Taiwanese officials came to Prague several times.
In May 2024, Lipavsky summoned the Russian ambassador over repeated cyberattacks targeting several European countries, including the Czech Republic, Germany and Poland.
They blamed the attacks on the Russian group APT28, also known as Fancy Bear, which has ties to Russia’s GRU military intelligence service.
The BIS then said that Russia was a “permanent security threat” for the Czech Republic, which provides substantial humanitarian and military aid to Ukraine, battling a Russian invasion since 2022.
Beijing denied allegations that it engages in state-organised hacking of overseas targets.
Edited by: Zac Crellin
