
On Wednesday, the Czech Republic formally accused a threat actor associated with the People’s Republic of China (PRC) of targeting its Ministry of Foreign Affairs.
In an official statement, the government said it had identified China as responsible for a malicious campaign targeting one of the ministry’s unclassified networks. The extent of the breach is currently unknown.
“Malicious activities […] continued from 2022 and impacted institutions designated as critical infrastructure for the Czech Republic,” the statement said.

The attack is attributed to a state-sponsored threat actor tracked as APT31, which overlaps with threat clusters known as Altaire, Bronze Vinewood, Judgment Panda, PerplexedGoblin, RedBravo, Red Keres, and Violet Typhoon (formerly Zirconium).
According to the US Department of Justice (DOJ), the hacking group, which has been publicly attributed to the Hubei State Security Department of the Ministry of State Security (MSS), is assessed to have been active since at least 2010.
Bronze Vinewood is known to employ a variety of tools and techniques to gain access to the target environment, but it relies on public code or file sharing websites for command and control (C2) domains to complicate network-based detection and blend C2 traffic into legitimate web browsing activity.
According to Sophos-owned Secureworks, the adversary is particularly focused on organizations operating in government or in the defense supply chain, or those that serve those organizations.
In March 2024, the DOJ charged seven hackers associated with APT31 with carrying out cyber espionage attacks targeting US and foreign critics, journalists, businesses, and political officials in furtherance of the MSS’s foreign intelligence and economic espionage objectives.
Around the same time, Finnish police named the threat actor as responsible for orchestrating cyberattacks targeting the country’s parliament in 2020.

Earlier this month, ESET revealed in its latest APT Activity Report that in December 2024 APT31 deployed an espionage backdoor known as NanoSlate, targeting Central European government agencies. The Czech Republic is a Central European nation, but it is not clear at present whether these attacks are related.
Condemning the malicious cyber campaign, the Czech government said “this action undermines the credibility of the People’s Republic of China and is inconsistent with its public declaration.”
The government further said the activity violated the norms of responsible state behavior in cyberspace endorsed by UN member states. It called on China to adhere to these norms and refrain from carrying out such attacks in the future.