The ministry of Foreign Affairs of Czech Republic has officially charged China for conducting a sophisticated and prolonged cyberattack against it. Prague’s government said the attack to infect the Ministry’s unclassified communication network, regarded as critical infrastructure, began last year and was carried out by Chinese state-sponsored hackers APT31.
“The attack was of a scope involving the screening of mail and other documents with an emphasis on the data concerning Asia,” Czech Foreign Minister Jan Lipavský said. He said that Chinese ambassador to Prague had been called in to express strong “concern and protest” and warn that such unfriendly moves would have “serious consequences” for bilateral ties.
The precise scope of the breach, and harm, remains yet to be determined, however Czech officials announced that a new, more secure system of communication was put in place as of July 2024 once the intrusion was discovered.
Fallout and condemnation, diplomatic and international
The accusations have drawn international support for the Czech Republic and condemnation of China’s actions. The United States, NATO and the European Union all sent strong statements in support of Prague.
The U.S. Embassy in Prague pointed out APT31’s history of targeting democratic allies and politicians and critical infrastructure sectors and called on China to not engage in such activities. NATO said it is increasingly concerned by cyber attacks directed by China, the EU expressed its solidarity with the Czech Republic, and warned that such malicious cyber activities would not go unanswered.
China Denies Complicity, Tensions Escalate
The Chinese Embassy in Prague rejected the accusations as “groundless,” and said the Czech side was conducting “microphone diplomacy.” Beijing has said it is a staunch opponent of cyberattacks in all forms and does not provide support or cover to such offenses.
The Czech Republic has since doubled down on its findings in the matter, which were based on a joint investigation by its intelligence and cybersecurity agencies, stating that it has “a high degree of certainty” about China’s role in the hack.
General Implications for International Relations
The breach is just the latest in a string of allegations against China in regards to cyber espionage as tensions continue to develop in the cyber domain. It highlights how even the most secure, unclassified government networks remain vulnerable to sophisticated state-sponsored attacks and how they can have profound consequences on diplomacy.
The Czech Republic’s decision to publicly blame China for the attack represents a rare departure from the practice of being quiet about such nefarious online activity and could help other countries to follow suit. It remains unclear what the long-term consequences will be for Czech-China ties, but the early returns appear to be a significant downgrading of diplomatic exchanges and a sharpening of attention to Beijing’s moves on Czech soil.
Its a vivid demonstration that the task of securing cyberspace remains daunting and the imperative of international cooperation in developing and enforcing norms of responsible state behavior in cyberspace is urgent.
