{
	"id": "d2f4e969-d753-4748-aa40-8127619a52ba",
	"created_at": "2026-04-06T00:07:13.536928Z",
	"updated_at": "2026-04-10T13:11:29.403045Z",
	"deleted_at": null,
	"sha1_hash": "792beb5f43fd082945886c5dc1d8cf4a231f8e4c",
	"title": "Czechia blames China for Ministry of Foreign Affairs cyberattack",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 3061492,
	"plain_text": "Czechia blames China for Ministry of Foreign Affairs cyberattack\r\nBy Sergiu Gatlan\r\nPublished: 2025-05-28 · Archived: 2026-04-05 21:24:05 UTC\r\nThe Czech Republic says the Chinese-backed APT31 hacking group was behind cyberattacks targeting the country's\r\nMinistry of Foreign Affairs and critical infrastructure organizations.\r\n\"The malicious activity, which lasted from 2022 and affected an institution designated as Czech critical infrastructure, was\r\nperpetrated by the cyberespionage actor APT31 that is publicly associated with the Ministry of State Security,\" the Czech\r\ngovernment said.\r\n\"The Government of the Czech Republic strongly condemns this malicious cyber campaign against its critical infrastructure.\r\nSuch behavior undermines the credibility of the People's Republic of China and contradicts its public declarations.\"\r\nEuropean Union member states and NATO allies condemned the attack on Wednesday, asking China to adhere to the UN\r\nnorms and respect international law.\r\nTwo months ago, the Finnish Police confirmed that APT31 hackers were behind a March 2021 breach of the country's\r\nparliament when the attackers compromised multiple email accounts, including some belonging to Finnish MPs.\r\nIn July 2021, the United States and its allies blamed the Chinese MSS-linked APT31 and APT40 threat groups for an\r\nextensive hacking campaign that targeted over a quarter of a million Microsoft Exchange servers belonging to tens of\r\nthousands of organizations worldwide.\r\n\"In recent years, malicious cyber activities linked to this country and targeting the EU and its Member States have increased.\r\nIn 2021, we urged 
Chinese authorities to take action against malicious cyber activities undertaken from their territory,\" the\r\nCouncil of the EU said on Wednesday.\r\n\"Since then, several Member States have attributed similar activities at their national level. We have repeatedly raised our\r\nconcerns during bilateral engagements and we will continue to do so in the future.\"\r\n\"We strongly condemn malicious cyber activities intended to undermine our national security, democratic institutions and\r\ncritical infrastructure,\" NATO added.\r\nAPT31 charges and sanctions\r\nAPT31 (also tracked as Zirconium and Judgment Panda), previously linked to the Chinese Ministry of State Security (MSS),\r\nis known for numerous espionage operations and its involvement in the theft and repurposing of the EpMe NSA exploit\r\nyears before Shadow Brokers leaked it in April 2017.\r\nMicrosoft observed APT31 attacks targeting high-profile individuals associated with Joe Biden's presidential campaign four\r\nyears ago, while Google spotted them around the same time targeting \"campaign staffers' personal email\" accounts in\r\nphishing attacks.\r\nThe U.S. Treasury Department's Office of Foreign Assets Control (OFAC) sanctioned two APT31 operatives (Zhao\r\nGuangzong and Ni Gaobin) in March for their work as contractors for Wuhan XRZ, an OFAC-designated front company\r\nused by the Chinese MSS in attacks against U.S. critical infrastructure.\r\nThey were also sanctioned by the United Kingdom for targeting U.K. parliamentarians, breaching the GCHQ intelligence\r\nagency, and hacking into the country's Electoral Commission systems.\r\nAdditionally, the U.S. Justice Department charged the two APT31 hackers, along with five other defendants, for their\r\ninvolvement in the operations of Wuhan XRZ over at least 14 years.\r\nNow, the U.S. 
State Department is offering rewards of up to $10 million for information about Wuhan XRZ and APT31 that\r\ncould assist in locating and/or arresting any of the seven Chinese hackers.\r\nSource: https://www.bleepingcomputer.com/news/security/czechia-blames-china-for-ministry-of-foreign-affairs-cyberattack/",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://www.bleepingcomputer.com/news/security/czechia-blames-china-for-ministry-of-foreign-affairs-cyberattack/"
	],
	"report_names": [
		"czechia-blames-china-for-ministry-of-foreign-affairs-cyberattack"
	],
	"threat_actors": [
		{
			"id": "5d2bd376-fcdc-4c6a-bc2c-17ebbb5b81a4",
			"created_at": "2022-10-25T16:07:23.667223Z",
			"updated_at": "2026-04-10T02:00:04.705778Z",
			"deleted_at": null,
			"main_name": "GCHQ",
			"aliases": [
				"Government Communications Headquarters",
				"Operation Socialist"
			],
			"source_name": "ETDA:GCHQ",
			"tools": [
				"Prax",
				"Regin",
				"WarriorPride"
			],
			"source_id": "ETDA",
			"reports": null
		},
		{
			"id": "d4f7cf97-9c98-409c-8b95-b80d14c576a5",
			"created_at": "2022-10-25T16:07:24.561104Z",
			"updated_at": "2026-04-10T02:00:05.03343Z",
			"deleted_at": null,
			"main_name": "Shadow Brokers",
			"aliases": [],
			"source_name": "ETDA:Shadow Brokers",
			"tools": [],
			"source_id": "ETDA",
			"reports": null
		},
		{
			"id": "16f2436b-5f84-44e3-a306-f1f9e92f7bea",
			"created_at": "2023-01-06T13:46:38.745572Z",
			"updated_at": "2026-04-10T02:00:03.086207Z",
			"deleted_at": null,
			"main_name": "APT40",
			"aliases": [
				"ATK29",
				"Red Ladon",
				"MUDCARP",
				"ISLANDDREAMS",
				"TEMP.Periscope",
				"KRYPTONITE PANDA",
				"G0065",
				"TA423",
				"ITG09",
				"Gingham Typhoon",
				"TEMP.Jumper",
				"BRONZE MOHAWK",
				"GADOLINIUM"
			],
			"source_name": "MISPGALAXY:APT40",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "171b85f2-8f6f-46c0-92e0-c591f61ea167",
			"created_at": "2023-01-06T13:46:38.830188Z",
			"updated_at": "2026-04-10T02:00:03.114926Z",
			"deleted_at": null,
			"main_name": "The Shadow Brokers",
			"aliases": [
				"Shadow Brokers",
				"ShadowBrokers",
				"The ShadowBrokers",
				"TSB"
			],
			"source_name": "MISPGALAXY:The Shadow Brokers",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "aacd5cbc-604b-4b6e-9e58-ef96c5d1a784",
			"created_at": "2023-01-06T13:46:38.953463Z",
			"updated_at": "2026-04-10T02:00:03.159523Z",
			"deleted_at": null,
			"main_name": "APT31",
			"aliases": [
				"JUDGMENT PANDA",
				"BRONZE VINEWOOD",
				"Red keres",
				"Violet Typhoon",
				"TA412"
			],
			"source_name": "MISPGALAXY:APT31",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "9e6186dd-9334-4aac-9957-98f022cd3871",
			"created_at": "2022-10-25T15:50:23.357398Z",
			"updated_at": "2026-04-10T02:00:05.368552Z",
			"deleted_at": null,
			"main_name": "ZIRCONIUM",
			"aliases": [
				"APT31",
				"Violet Typhoon"
			],
			"source_name": "MITRE:ZIRCONIUM",
			"tools": null,
			"source_id": "MITRE",
			"reports": null
		},
		{
			"id": "83025f5e-302e-46b0-baf6-650a4d313dfc",
			"created_at": "2024-05-01T02:03:07.971863Z",
			"updated_at": "2026-04-10T02:00:03.743131Z",
			"deleted_at": null,
			"main_name": "BRONZE MOHAWK",
			"aliases": [
				"APT40 ",
				"GADOLINIUM ",
				"Gingham Typhoon ",
				"Kryptonite Panda ",
				"Leviathan ",
				"Nanhaishu ",
				"Pickleworm ",
				"Red Ladon ",
				"TA423 ",
				"Temp.Jumper ",
				"Temp.Periscope "
			],
			"source_name": "Secureworks:BRONZE MOHAWK",
			"tools": [
				"AIRBREAK",
				"BlackCoffee",
				"China Chopper",
				"Cobalt Strike",
				"DadJoke",
				"Donut",
				"FUSIONBLAZE",
				"GreenCrash",
				"Meterpreter",
				"Nanhaishu",
				"Orz",
				"SeDll"
			],
			"source_id": "Secureworks",
			"reports": null
		},
		{
			"id": "59be3740-c8c7-47aa-84c8-e80d0cb7ea3a",
			"created_at": "2022-10-25T15:50:23.481057Z",
			"updated_at": "2026-04-10T02:00:05.306469Z",
			"deleted_at": null,
			"main_name": "Leviathan",
			"aliases": [
				"MUDCARP",
				"Kryptonite Panda",
				"Gadolinium",
				"BRONZE MOHAWK",
				"TEMP.Jumper",
				"APT40",
				"TEMP.Periscope",
				"Gingham Typhoon"
			],
			"source_name": "MITRE:Leviathan",
			"tools": [
				"Windows Credential Editor",
				"BITSAdmin",
				"HOMEFRY",
				"Derusbi",
				"at",
				"BLACKCOFFEE",
				"BADFLICK",
				"gh0st RAT",
				"PowerSploit",
				"MURKYTOP",
				"NanHaiShu",
				"Orz",
				"Cobalt Strike",
				"China Chopper"
			],
			"source_id": "MITRE",
			"reports": null
		},
		{
			"id": "74d9dada-0106-414a-8bb9-b0d527db7756",
			"created_at": "2025-08-07T02:03:24.69718Z",
			"updated_at": "2026-04-10T02:00:03.733346Z",
			"deleted_at": null,
			"main_name": "BRONZE VINEWOOD",
			"aliases": [
				"APT31 ",
				"BRONZE EXPRESS ",
				"Judgment Panda ",
				"Red Keres",
				"TA412",
				"VINEWOOD ",
				"Violet Typhoon ",
				"ZIRCONIUM "
			],
			"source_name": "Secureworks:BRONZE VINEWOOD",
			"tools": [
				"DropboxAES RAT",
				"HanaLoader",
				"Metasploit",
				"Mimikatz",
				"Reverse ICMP shell",
				"Trochilus"
			],
			"source_id": "Secureworks",
			"reports": null
		},
		{
			"id": "dc7ee503-9494-4fb6-a678-440c68fd31d8",
			"created_at": "2022-10-25T16:07:23.349177Z",
			"updated_at": "2026-04-10T02:00:04.552639Z",
			"deleted_at": null,
			"main_name": "APT 31",
			"aliases": [
				"APT 31",
				"Bronze Vinewood",
				"G0128",
				"Judgment Panda",
				"Red Keres",
				"RedBravo",
				"TA412",
				"Violet Typhoon",
				"Zirconium"
			],
			"source_name": "ETDA:APT 31",
			"tools": [
				"9002 RAT",
				"Agent.dhwf",
				"AngryRebel",
				"CHINACHOPPER",
				"China Chopper",
				"Destroy RAT",
				"DestroyRAT",
				"Farfli",
				"Gh0st RAT",
				"Ghost RAT",
				"GrewApacha",
				"HOMEUNIX",
				"HiKit",
				"HidraQ",
				"Homux",
				"Hydraq",
				"Kaba",
				"Korplug",
				"McRAT",
				"MdmBot",
				"Moudour",
				"Mydoor",
				"PCRat",
				"PlugX",
				"RedDelta",
				"Roarur",
				"Sakula",
				"Sakula RAT",
				"Sakurel",
				"SinoChopper",
				"Sogu",
				"TIGERPLUG",
				"TVT",
				"Thoper",
				"Trochilus RAT",
				"Xamtrav"
			],
			"source_id": "ETDA",
			"reports": null
		}
	],
	"ts_created_at": 1775434033,
	"ts_updated_at": 1775826689,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/792beb5f43fd082945886c5dc1d8cf4a231f8e4c.pdf",
		"text": "https://archive.orkl.eu/792beb5f43fd082945886c5dc1d8cf4a231f8e4c.txt",
		"img": "https://archive.orkl.eu/792beb5f43fd082945886c5dc1d8cf4a231f8e4c.jpg"
	}
}