Czech Republic Blames China-Linked APT31 Hackers for 2022 Cyberattack - The Hacker News

Czech Republic Blames China-Linked APT31 Hackers for 2022 Cyberattack Ravie LakshmananMay 28, 2025Cybersecurity / Cyber Espionage The Czech Republic on Wednesday formally accused a threat actor associated with the People's Republic of China (PRC) of targeting its Ministry of Foreign Affairs. In a public statement, the government said it identified China as the culprit behind a malicious campaign targeting one of the unclassified networks of the Czech Ministry of Foreign Affairs. The extent of the breach is presently not known. "The malicious activity [...] lasted from 2022 and affected an institution designated as Czech critical infrastructure," it added. The attack has been attributed to a state-sponsored threat actor tracked as APT31, which also overlaps with threat clusters known as Altaire, Bronze Vinewood, Judgement Panda, PerplexedGoblin, RedBravo, Red Keres, and Violet Typhoon (formerly Zirconium). The hacking group, publicly associated with the Ministry of State Security (MSS) and the Hubei State Security Department, is assessed to be active since at least 2010, per the U.S. Department of Justice (DoJ). Bronze Vinewood is known to employ a variety of tools and techniques to gain access to target environments, while also relying on public code or file-sharing websites for its command and control (C2) domains to complicate network-based detection and intersperse C2 traffic amid legitimate web browsing activity. According to Sophos-owned Secureworks, the adversarial crew has a particular focus on organizations operating in government or defense supply chains, or providing services to those organizations. In March 2024, the DoJ indicted seven hackers associated with APT31, accusing them of engaging in sweeping cyber espionage attacks aimed at U.S. and foreign critics, journalists, businesses, and political officials to advance MSS's foreign intelligence and economic espionage objectives. Around the same time, the Police of Finland called out the threat actor for orchestrating a cyber attack targeting the country's Parliament in 2020. As recently as this month, ESET revealed in its latest APT Activity Report that APT31 targeted a Central European government entity in December 2024 to deploy an espionage backdoor referred to as NanoSlate. While Czechia is a Central European nation, it's currently not clear if these attacks are related. When reached for comment, the Slovak cybersecurity company told The Hacker News that it "cannot confirm or deny this report." Strongly condemning the malicious cyber campaign, the Government of the Czech Republic said "such behavior undermines the credibility of the People's Republic of China and contradicts its public declarations." The government further said the activities are in violation of responsible State behavior in cyberspace as endorsed by members of the United Nations. It called on China to adhere to these norms and refrain from staging such attacks in the future. Found this article interesting? Follow us on Google News, Twitter and LinkedIn to read more exclusive content we post. SHARE     Tweet Share Share SHARE  APT31, Chinese Hackers, critical infrastructure, cyber espionage, cybersecurity, Czech Republic, data breach, network intrusion ⚡ Top Stories This Week Researchers Uncover Pre-Stuxnet ‘fast16’ Malware Targeting Engineering Software Chinese Silk Typhoon Hacker Extradited to U.S. Over COVID Research Cyberattacks LMDeploy CVE-2026-33626 Flaw Exploited Within 13 Hours of Disclosure FIRESTARTER Backdoor Hit Federal Cisco Firepower Device, Survives Security Patches Apple Fixes iOS Flaw That Let FBI Recover Deleted Signal Messages Harvester Deploys Linux GoGra Backdoor in South Asia Using Microsoft Graph API Malicious KICS Docker Images and VS Code Extensions Hit Checkmarx Supply Chain Microsoft Patches Entra ID Role Flaw That Enabled Service Principal Takeover Bitwarden CLI Compromised in Ongoing Checkmarx Supply Chain Campaign ⚡ Weekly Recap: Fast16 Malware, XChat Launch, Federal Backdoor, AI Employee Tracking and More Critical cPanel Authentication Vulnerability Identified — Update Your Server Immediately Checkmarx Confirms GitHub Repository Data Posted on Dark Web After March 23 Attack Researchers Discover Critical GitHub CVE-2026-3854 RCE Flaw Exploitable via Single Git Push ThreatsDay Bulletin: $290M DeFi Hack, macOS LotL Abuse, ProxySmart SIM Farms +25 New Stories Microsoft Confirms Active Exploitation of Windows Shell CVE-2026-32202 Vercel Finds More Compromised Accounts in Context.ai-Linked Breach Load More ▼ ⭐ Featured Resources [Guide] Learn a Practical Framework to Evaluate AI Tools for Production Learn How Hidden Identity Blind Spots Weaken Your Security Systems [Webinar] Stop Chasing Alerts and Start Focusing on Real Exposures [Guide] How to Enable Secure Data Movement Without Added Risk