Prague Airport and a regional hospital thwart multiple cyberattacks following NÚKIB high-risk warning
What happened
On 16 April 2020, amid the COVID-19 pandemic, the Czech National Cyber and Information Security Agency (NÚKIB) issued a high-level warning of an imminent, large-scale campaign of serious cyberattacks against critical infrastructure, especially the healthcare sector. NÚKIB director Karel Rehka cited a reasonable fear of a real threat to major targets in the country, and Czech authorities alerted international allies. NÚKIB assessed the activity as the work of a serious and advanced adversary but did not name a country.
In the days that followed, several institutions reported and repelled intrusion attempts. Prague's Vaclav Havel Airport said it had thwarted multiple attacks on its IT networks, detecting and stopping malicious activity in its preparatory phases. Hospitals in Ostrava, Olomouc and Karlovy Vary reported malicious activity in their systems, and the university hospital in Ostrava said it foiled an attack on a server overnight. Security researchers, including at ESET, linked the campaign to coronavirus-themed malware designed to corrupt a computer's master boot record and damage or destroy infected workstations. U.S. Secretary of State Mike Pompeo voiced concern on 17 April 2020 over the attacks on medical facilities during the pandemic.
Assessment
Czech officials publicly attributed the campaign only to a serious and advanced adversary and stopped short of naming a state. Some Czech media and security experts pointed toward Russia, noting that the tooling and its instructions appeared in Russian and circulated on Russian-language hacker forums, though analysts cautioned that some digital traces also led to Chinese IP addresses and that origin was difficult to prove. State responsibility was suspected and assessed by some but never publicly established. The timing, during a public-health crisis, heightened concern about the targeting of healthcare and transport infrastructure.
This dossier summarises open-source reporting and is updated as the investigation develops. Read the original report via the source link.