“With today’s move, we have exposed China, which has long been working to undermine our resilience and democracy,” Lipavský said. “Through cyberattacks, information manipulation, and propaganda, it interferes in our society — and we must defend ourselves against that.”
It is the first time the Czech government has attributed a national cyberattack to a state-backed actor.
An investigation conducted by the Security Information Service, Military Intelligence, Office for Foreign Relations and Information, and National Cyber and Information Security Agency (NUKIB) provided Czech authorities with a high degree of certainty about who was behind the targeting of the ministry.
APT31 is run by China’s ministry of state security from the city of Wuhan, according to the U.S. justice department.
The group has been accused of high-profile attacks in the past, including targeting the personal emails of campaign staff working for U.S. presidential candidate Joe Biden in 2020. In 2024, the U.K. and U.S. imposed sanctions on individuals tied to APT31.
The alleged Chinese hack sparked outrage in Brussels, among the EU’s top brass and at NATO headquarters.