Announcement | severity: High | 2025-05-28
Czech Republic publicly attributes multi-year MFA intrusion to APT31
published by NUKIB (National Cyber and Information Security Agency, Czech Republic)
Actor
PRC state-sponsored intrusion set publicly attributed to the Ministry of State Security's Hubei State Security Department, operating through the front company Wuhan Xiaoruizhi Science and Technology…
Summary
The Czech government, supported by NUKIB and three Czech intelligence services, publicly attributed a cyber-espionage campaign targeting an unclassified network of the Ministry of Foreign Affairs — designated critical infrastructure — to APT31, linked to China's Ministry of State Security. The intrusion is assessed to have run since at least 2022. The Chinese Ambassador was summoned and the EU and NATO issued statements of solidarity calling on China to adhere to UN norms of responsible state behaviour in cyberspace.
Tags
attribution, czech-republic, mfa, eu-nato
Primary source
nukib.gov.cz
Other APT31 events
- 2024-03-25: UK sanctions APT31 front company and operators over Electoral Commission breach and parliamentary targeting
- 2024-03-25: Treasury sanctions Wuhan XRZ front company and two APT31 hackers for targeting US critical infrastructure
- 2024-03-25: DOJ unseals indictment charging seven APT31 hackers tied to MSS Hubei State Security Department
- 2020-09-10: Microsoft discloses Zirconium (APT31) targeting of 2020 US presidential campaign and international affairs community