They Hacked Half of Europe But Forgot to Erase One Clue – And That’s How They Got Caught
The Czech Republic accuses, China stays silent, and APT31 keeps working—unbothered by the press.
The Czech government has publicly accused China-backed hacking group APT31 of cyberattacks targeting its Ministry of Foreign Affairs and critical infrastructure organizations.
*"The malicious activity, ongoing since 2022 and affecting a Czech critical infrastructure institution, was carried out by the cyber-espionage group APT31, which has been publicly linked to China’s Ministry of State Security,"* officials stated.
"The Czech government strongly condemns this malicious cyberattack on critical infrastructure. Such actions undermine trust in the People’s Republic of China and contradict its public statements."
International Backlash
Czech allies have condemned the attacks, urging China to comply with UN norms and respect international law. This is far from APT31’s first incident:
- Two months ago, Finnish police confirmed APT31’s role in hacking the Finnish Parliament (March 2021), compromising emails of lawmakers.
- July 2021: The U.S. and allies accused APT31 and APT40 (both tied to China’s MSS) of a global Microsoft Exchange Server hack affecting 250,000+ servers worldwide.
"In recent years, malicious cyber activities linked to China and targeting the EU and its member states have increased. In 2021, we called on Chinese authorities to act against such operations originating from their territory."
Who Is APT31?
- Also known as Zirconium and Judgment Panda.
- Historically linked to China’s Ministry of State Security (MSS).
- Known for:
  - Stealing and repurposing the NSA’s EpMe exploit (before Shadow Brokers leaked it in 2017).
  - Election interference (U.S., UK).
  - State system breaches and critical infrastructure attacks.
- Multiple members sanctioned or indicted in the U.S. and UK.
