Alleged Chinese cyberattack on the Czech Republic

On 28 May 2025, the Czech Republic made a formal accusation in connection with an alleged attack by the Chinese cyber-espionage group ‘APT31’. They allegedly conducted an intrusive campaign against the Czech Ministry of Foreign Affairs, leaking sensitive information from 2022.

According to Czech intelligence services, APT31 managed to hack into the system for months by accessing unclassified diplomatic emails. Apparently, no more sensitive networks have been compromised, but the sophistication and persistence of the incident is noted as a direct threat to the institutional integrity of the Czech Republic.

This would be the first time that a member group of the European Union (EU) will take the decision to openly hold a state actor responsible for a security incident of this magnitude.

The impact of this incident lies not only in the sensitive information that has apparently been stolen, but also in the fact that it has taken place at a time when the Czech Republic is at the helm of the EU Council and the discord between Brussels and Beijing over technological, commercial and geopolitical influence.

On the other hand, the EU is ‘ready to impose costs’ on China in response to the cyber-attack. "This attack is an unacceptable violation of international norms. The EU will not tolerate hostile cyber actions, and we stand in solidarity with the Czech Republic," the bloc's foreign policy chief said on Wednesday evening.

The APT31 group, also known as ‘Zirconium’, is a group linked to the Chinese Ministry of State Security, based in Wuhan. The group has even carried out attacks against government institutions in the United States and Europe, as well as against technology companies and election campaigns, such as that of then-candidate Joe Biden in 2020.