DOCUMENTING HYBRID WARFARE / — incidents / UPDATED LATEST: 
Sabotage Watch SABOTAGEWATCHHybrid Threat Monitor
Cyber

Czech MFA compromise publicly attributed to China/APT31; NATO & EU issue solidarity statements

28 May 2025 · Prague, Czechia
Satellite Imagery © Esri

What happened

On 28 May 2025, the Government of the Czech Republic publicly attributed a long-running malicious cyber campaign against one of the unclassified networks of the Ministry of Foreign Affairs to the People's Republic of China, identifying the cyberespionage actor APT31 (also known as Zirconium or Judgment Panda), which is publicly associated with China's Ministry of State Security. According to the Czech statement and NÚKIB, the activity dated back to at least 2022 and targeted an institution designated as Czech critical infrastructure. An extensive joint investigation by the Security Information Service, Military Intelligence, the Office for Foreign Relations and Information, and the National Cyber and Information Security Agency reached a high degree of certainty about the responsible actor.

Foreign Minister Jan Lipavský summoned the Chinese ambassador in Prague to protest, stating that such hostile actions have a damaging impact on bilateral relations. Czech officials said attackers were detected during the operation and that a new, more secure communication system had been introduced. China's embassy in Prague denied the allegations. The EU and NATO issued solidarity statements: NATO's North Atlantic Council condemned the activity and noted concern over the growing pattern of malicious cyber activities stemming from China, while EU High Representative Kaja Kallas called it an unacceptable breach of international norms and said the EU stood in solidarity with Czechia.

Assessment

The incident reflects a maturing Western posture toward Chinese state-linked cyber operations: a national attribution backed by intelligence consensus, a diplomatic summons, and coordinated EU and NATO solidarity statements. Reporting noted the campaign coincided with Czechia's 2022 EU Council presidency, when access to diplomatic correspondence would have carried elevated intelligence value. APT31 has previously been sanctioned by the US and UK and tied to operations across EU and NATO states, situating this case within a broader, persistent espionage pattern rather than an isolated event. Importantly, this is attributed to China, not Russia.

This dossier summarises open-source reporting and is updated as the investigation develops. Read the original report via the source link.