Czech Republic cyber attack: China condemned by NATO as Australia stops short of naming Asian super power
NATO has scolded China for a hacking attack on one of its member states, carried out by the same group that targeted Australian MPs.
But the Australian government has stopped short of naming China as a culprit in its statement of support for the tiny European nation, putting it at odds with NATO, the EU, allies the UK and the United States, who did not refrain from criticising the PRC.
In a highly significant development, the Czech Republic on Wednesday for the first time unequivocally attributed a cyber attack to the People’s Republic of China.
Sign up to The Nightly's newsletters.
Get the first look at the digital newspaper, curated daily stories and breaking headlines delivered to your inbox.
By continuing you agree to our Terms and Privacy Policy.“China is interfering in our society through manipulation, propaganda, and cyberattacks,” Czechia’s Foreign Minister Jan Lipavsky said.
“We detected the attackers during the intrusion.
“Our key security institutions responded, investigated thoroughly, and now we’re going public.
“I summoned the Chinese ambassador to make clear that such hostile actions have serious consequences for our bilateral relations.”
Czechia released online pamphlets depicting a red spotlight illuminating a panda bear with the headline “Exposing Cybercriminals.”
The move, from one of the EU and NATO’s smallest states, prompted a highly coordinated wave of public support from NATO, the European Union, the United States, the UK and European governments.
Czechia’s Ministry of Foreign Affairs said in a statement that the hacking attack began in the same year the Czech Republic held the European Union’s rotating presidency position.
Sources said that while no classified information was accessed, the hackers were hunting for information on the EU’s agenda on Asian affairs.
“The malicious activity, which lasted from 2022 and affected an institution designated as Czech critical infrastructure, was perpetrated by the cyberespionage actor APT31 that is publicly associated with the Ministry of State Security,” the Ministry said in a statement.
The ATP31 Group – the Advanced Persistent Threat 31 – operates out of Wuhan, as part of the Ministry of State Security’s Hubei State Security Department’s cyberespionage program under the guise of a front company.
Its hackers previously attacked six Australian MPs belonging to the Inter-Parliamentary Alliance on China.
Last year, The Nightly revealed that the Australian intelligence agencies kept those MPs in the dark about the online intrusion, and they only learned they had been targeted when the US Department of Justice released its indictment against seven Chinese hackers in April last year, despite the FBI telling Australian authorities in 2022.
The Czech Republic, which has been previously targeted by the PRC over its support for Taiwan, was swift and public in its attribution on Wednesday.
The Ministry said that its Security Information Service, Military Intelligence, Office for Foreign Relations and Information and National Cyber and Information Security Agency had conducted an “extensive investigation” leading to “a high degree of certainty about the responsible actor.”
“The Government of the Czech Republic strongly condemns this malicious cyber campaign against its critical infrastructure,” the Ministry added.
“Such behaviour undermines the credibility of the People’s Republic of China and contradicts its public declarations.”
NATO, the EU and a string of Western governments, including Australia’s AUKUS allies, the United States and the United Kingdom, issued statements strongly criticising China.
However, Australia’s response did not name China and instead referred to “state-affiliated actors.”
“We share Czechia’s deep concern about the increased scale and severity of malicious cyber activity by state-affiliated actors,” Brendan Dowling, Australia’s Ambassador for Cyber Affairs and Critical Technology, said.
“We are deeply troubled by the activity Czechia has reported.
“We stand in solidarity with (the Czech government) against malicious cyber activity by state actors,” Mr Dowling wrote on X.
Liberal Senator Claire Chandler was one of the Australian MPs targeted by APT31.
She told The Nightly that Czech Republic’s revelations were “extremely concerning.”
“Even more troubling is the clear reluctance of the Albanese Government to directly call out the Chinese Government for their concerted efforts to undermine democratic nations, or match US and British sanctions designed specifically to target this hacking group and its members,” Senator Chandler.
“Now more than ever, it’s imperative that Australia remains clear-eyed about the CCP’s actions on the global stage.
“The Albanese Government’s lacklustre response to these state-sponsored hacking events, whether against our own parliamentarians or other nations, suggests an inexplicable hesitance to do that.”
Asked why Australia had not mentioned China in its response, Foreign Minister Penny Wong directed the inquiry to the Department of Department of Foreign Affairs and Trade which said through a spokeswoman: “Australia has led and joined a number of cyber advisories that have called out China for malicious cyber activity.”
Australia’s reluctance to name China, its biggest trading partner, was in stark contrast to the statements issued by its allies and partners.
NATO led the condemnation of China.
“This campaign targeted a Czech MFA unclassified network, causing damage and disruption,” said a NATO statement.
“We strongly condemn malicious cyber activities intended to undermine our national security, democratic institutions and critical infrastructure.
“The malicious cyber activity targeting the Czech Republic underscores that cyberspace is contested at all times.
“We observe with increasing concern the growing pattern of malicious cyber activities stemming from the People’s Republic of China.”
The European Union said it had urged China to address the malicious cyber attacks being carried out on its soil four years ago.
“In 2021, we urged Chinese authorities to take action against malicious cyber activities undertaken from their territory,” the European Union said in a statement.
“Since then, several Member States have attributed similar activities at their national level.
“We have repeatedly raised our concerns during bilateral engagements, and we will continue to do so in the future.”
The UK’s Foreign, Commonwealth and Development Office noted that British MPs as well as its Electoral Commission had also been previously targeted by APT31.
“We have consistently made clear to the Chinese government that the targeting of democratic institutions is completely unacceptable,” the FCDO said.
“We will continue to work with our allies to hold China and other state actors accountable for their actions in cyberspace.
“In March 2024, the UK publicly attributed China state-affiliated actors for the targeting of UK parliamentarians and the Electoral Commission.”
The US Bureau of Cyberspace and Digital Policy said: “The US denounces these actions and calls upon the CCP to immediately cease any and all such activities,” the Bureau said.
China denied it was behind the attack and called on Czechia to “correct its wrong practices.”
“China in no way accepts that the Czech Republic, without any evidence, should slander and defame China under the pretext of cybersecurity,” China’s Embassy in the Czech Republic said in a statement.
It said its own “technical analyses” found that the Czech conclusions were “not professional.”
Jakub Janda, Director of European Values Center for Security Policy said the global solidarity shown was a positive step, but the Czech government should have gone further and expelled Chinese diplomats.
“China respects power and this would have been the appropriate move,” he said.
