The Czech Republic has formally accused China of orchestrating a long-running cyber espionage campaign targeting its Ministry of Foreign Affairs. The attack, which compromised unclassified diplomatic communications, was attributed to the China-linked hacker group APT31, believed to operate under the Chinese Ministry of State Security.
The Czech government summoned the Chinese ambassador on Wednesday to protest what it called a "malicious cyber campaign" that has been ongoing since 2022. The group reportedly accessed emails between Czech embassies and EU institutions, during a period that included the Czech Republic’s presidency of the Council of the European Union.
"This is a serious violation of international norms and a direct threat to our democratic institutions," Foreign Minister Jan Lipavský said. He added that Prague had upgraded its communications infrastructure following the breach and warned that the incident would damage bilateral relations with Beijing. "With today’s move, we have exposed China, which has long worked to undermine our resilience and democracy," Lipavský posted on X.
This is the first time the Czech government has publicly attributed a state-sponsored cyberattack to a foreign power. The attribution followed a multi-agency investigation involving the Security Information Service, Military Intelligence, the Office for Foreign Relations and Information, and the National Cyber and Information Security Agency (NUKIB). The authorities cited "a high degree of certainty" that APT31 was behind the operation.
NATO and the European Union expressed full solidarity with the Czech Republic. "Cyber threat actors persistently seek to destabilize the Alliance," NATO said in a statement, vowing to bolster defensive and retaliatory cyber capabilities.
EU foreign policy chief Kaja Kallas echoed the condemnation, warning that the bloc was "ready to impose costs" on China. "This attack is an unacceptable breach of international norms. The EU will not tolerate hostile cyber actions," she said.
Kallas emphasized that the EU had repeatedly raised concerns with Beijing over state-sponsored cyber activities, particularly since 2021. She called on all nations, including China, to prevent malicious cyber operations from originating within their borders.
APT31 has been implicated in multiple high-profile intrusions, including the targeting of campaign staff linked to then-U.S. presidential candidate Joe Biden in 2020. In 2024, both the United States and the United Kingdom imposed sanctions on individuals connected to the group.
The cyberattack on the Czech Republic comes amid broader tensions between the EU and China, exacerbated by Beijing’s close ties with Moscow and alleged support for Russia’s war in Ukraine. Kallas recently labeled China the “key enabler” of Russia’s military efforts, citing the supply of dual-use goods that circumvent Western sanctions.
While Brussels has expressed interest in renewed cooperation with Beijing, cyberwarfare, foreign information manipulation, and economic overcapacity remain flashpoints in the relationship.
"The malicious cyber activity targeting the Czech Republic underscores that cyberspace is contested at all times," said NATO Secretary General Mark Rutte. "We must remain vigilant and resilient in defending our democratic systems and critical infrastructure."