The Czech Republic on Wednesday formally accused threat actor’s associated with the People’s Republic of China (PRC) of targeting its Ministry of Foreign Affairs.
In a public statement, the government said it identified China as the culprit behind a malicious campaign targeting one of the unclassified networks of the Czech Ministry of Foreign Affairs. The extent of the breach is presently not known.
“The malicious activity […] lasted from 2022 and affected an institution designated as Czech critical infrastructure,” it added.
Protect and backup your data using AOMEI Backupper. AOMEI Backupper takes secure and encrypted backups from your Windows, hard drives or partitions. With AOMEI Backupper you will never be worried about loosing your data anymore.
Get AOMEI Backupper with 72% discount from an authorized distrinutor of AOMEI: SerialCart® (Limited Offer).
➤ Activate Your Coupon Code
The attack has been attributed to a state-sponsored threat actor tracked as APT31, which also overlaps with threat clusters known as Altaire, Bronze Vinewood, Judgement Panda, PerplexedGoblin, RedBravo, Red Keres, and Violet Typhoon (formerly Zirconium).
The hacking group, publicly associated with the Ministry of State Security (MSS) and the Hubei State Security Department, is assessed to be active since at least 2010, per the U.S. Department of Justice (DoJ).
Bronze Vinewood is known to employ a variety of tools and techniques to gain access to target environments, while also relying on public code or file-sharing websites for its command and control (C2) domains to complicate network-based detection and intersperse C2 traffic amid legitimate web browsing activity.
According to Sophos-owned Secureworks, the adversarial crew has a particular focus on organizations operating in government or defense supply chains, or providing services to those organizations.
In March 2024, the DoJ indicted seven hackers associated with APT31, accusing them of engaging in sweeping cyber espionage attacks aimed at U.S. and foreign critics, journalists, businesses, and political officials to advance MSS’s foreign intelligence and economic espionage objectives.
Around the same time, the Police of Finland called out the threat actor for orchestrating a cyber attack targeting the country’s Parliament in 2020.
As recently as this month, ESET revealed in its latest APT Activity Report that APT31 targeted a Central European government entity in December 2024 to deploy an espionage backdoor referred to as NanoSlate. While Czechia is a Central European nation, it’s currently not clear if these attacks are related.
Strongly condemning the malicious cyber campaign, the Government of the Czech Republic said “such behavior undermines the credibility of the People’s Republic of China and contradicts its public declarations.”
The government further said the activities are in violation of responsible State behavior in cyberspace as endorsed by members of the United Nations. It called on China to adhere to these norms and refrain from staging such attacks in the future.
Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.
Some parts of this article are sourced from:
thehackernews.com
Microsoft OneDrive File Picker Flaw Grants Apps Full Cloud Access — Even When Uploading Just One File