Chinese hackers who targeted MPs, UK Electoral Commission strike Czechia
The cyber attack prompted a wave of support from NATO, the EU and western democracies, but Australia declined to name the culprit
When Chinese hackers belonging to the APT31 Group began their cyber attacks on the Czech Republic’s Ministry of Foreign Affairs, their timing was deliberate.
‘The malicious activity, which lasted from 2022 and affected an institution designated as Czech critical infrastructure, was perpetrated by the cyberespionage actor APT31 that is publicly associated with the Ministry of State Security,’ the Ministry said in a statement.
2022 was the year that Czechia took over the European Union’s rotating presidency.
Sources tell me that the Chinese did not breach any classified information but were hunting for information relating to the EU’s agenda on Asia.
‘China is interfering in our society through manipulation, propaganda, and cyberattacks,’ Czechia’s Foreign Minister Jan Lipavsky said.
‘We detected the attackers during the intrusion.
‘Our key security institutions responded, investigated thoroughly, and now we’re going public.
‘I summoned the Chinese ambassador to make clear that such hostile actions have serious consequences for our bilateral relations.’
Czechia released online pamphlets depicting a red spotlight illuminating a panda bear with the headline ‘Exposing Cybercriminals.’
Czechia’s Ministry of Foreign Affairs said that its Security Information Service, Military Intelligence, Office for Foreign Relations and Information and National Cyber and Information Security Agency had conducted an ‘extensive investigation’ leading to ‘a high degree of certainty about the responsible actor.’
‘The Government of the Czech Republic strongly condemns this malicious cyber campaign against its critical infrastructure,’ the Ministry added.
‘Such behaviour undermines the credibility of the People’s Republic of China and contradicts its public declarations.’
The APT31 Group – the Advanced Persistent Threat 31 – operates out of Wuhan, as part of the Ministry of State Security’s Hubei State Security Department’s cyberespionage program under the guise of a front company.
APT31’s hackers previously attacked MPs from the UK, Australia and a host of other countries belonging to the Inter-Parliamentary Alliance on China. APT31 was also behind a cyber attack on the UK’s Electoral Commission, according to the UK government.
The move by Czechia, one of the EU and NATO’s smaller member states with a population of 10 million, is bold given that the CCP has previously targeted the government over Prague’s support of Taiwan.
It is the first time Prague has publicly attributed a cyber attack and comes amid the EU’s delicate balancing act as it tries to ‘derisk’ from its dependence on Chinese supply lines in the face of constant threats of enormous tariffs from US President Donald Trump, who views Europe as an ‘atrocity’ that was formed to ‘screw’ the United States.
Jakub Janda, Director of the European Values Centre for Security Policy, said the global solidarity shown was a positive step but said the Czech government should have gone further and expelled Chinese diplomats.
‘China respects power and this would have been the appropriate move,’ he told Latika Takes.
In a show of solidarity, the US and other Western governments, NATO, and the EU issued supportive statements.
‘This campaign targeted a Czech MFA unclassified network, causing damage and disruption,’ said a NATO statement.
‘We strongly condemn malicious cyber activities intended to undermine our national security, democratic institutions and critical infrastructure.
‘The malicious cyber activity targeting the Czech Republic underscores that cyberspace is contested at all times.
‘We observe with increasing concern the growing pattern of malicious cyber activities stemming from the People’s Republic of China.’
The European Union said it had urged China four years ago to address the malicious cyber attacks being carried out from its soil.
‘In 2021, we urged Chinese authorities to take action against malicious cyber activities undertaken from their territory,’ the European Union said in a statement.
‘Since then, several Member States have attributed similar activities at their national level.
‘We have repeatedly raised our concerns during bilateral engagements, and we will continue to do so in the future.’
The UK’s Foreign, Commonwealth and Development Office noted that British MPs as well as its Electoral Commission had also been previously targeted by APT31.
‘We have consistently made clear to the Chinese government that the targeting of democratic institutions is completely unacceptable,’ the FCDO said.
‘We will continue to work with our allies to hold China and other state actors accountable for their actions in cyberspace.
‘In March 2024, the UK publicly attributed China state-affiliated actors for the targeting of UK parliamentarians and the Electoral Commission.’
The US Bureau of Cyberspace and Digital Policy said: ‘The US denounces these actions and calls upon the CCP to immediately cease any and all such activities.’
But the Australian government, which has pursued a policy of ‘stabilisation’ with its largest trading partner since Anthony Albanese returned Labor to power in May 2022, stopped short of identifying China as the culprit.
‘We share Czechia’s deep concern about the increased scale and severity of malicious cyber activity by state-affiliated actors,’ Brendan Dowling, Australia’s Ambassador for Cyber Affairs and Critical Technology, said.
‘We are deeply troubled by the activity Czechia has reported.
‘We stand in solidarity with (the Czech government) against malicious cyber activity by state actors,’ Mr Dowling wrote on X.
I asked the office of Foreign Minister Penny Wong why Australia was unique amongst so many of its allies in refraining from naming China.
Her department said through a spokeswoman: ‘Australia has led and joined a number of cyber advisories that have called out China for malicious cyber activity.’
Last year, I revealed that in contrast to other governments, the Australian intelligence agencies kept those MPs targeted by APT31 in the dark about the online intrusion.
In fact, they only learned they had been the victims of an attack when the US Department of Justice released its indictment against seven Chinese hackers in April last year. This was despite the FBI telling Australian authorities in 2022.
Liberal Senator Claire Chandler was one of the Australian MPs targeted by APT31.
She said Czechia’s case was ‘extremely concerning.’
‘Even more troubling is the clear reluctance of the Albanese Government to directly call out the Chinese Government for their concerted efforts to undermine democratic nations, or match US and British sanctions designed specifically to target this hacking group and its members,’ Senator Chandler said.
‘Now more than ever, it’s imperative that Australia remains clear-eyed about the CCP’s actions on the global stage.
‘The Albanese Government’s lacklustre response to these state-sponsored hacking events, whether against our own parliamentarians or other nations, suggests an inexplicable hesitance to do that.’
Beijing denied it was behind the attack and called on Czechia to ‘correct its wrong practices.’
‘China in no way accepts that the Czech Republic, without any evidence, should slander and defame China under the pretext of cybersecurity,’ China’s Embassy in the Czech Republic said in a statement.
It said its own ‘technical analyses’ found that the Czech conclusions were ‘not professional.’
This is an adapted version of a piece first published by The Nightly.