Czech Foreign Ministry hacked

  • A prime Czech investigative outlet reported that “thousands of files were downloaded from email inboxes of the Czech Foreign Minister and his Undersecretaries”, including classified information. The breach reportedly lasted “for several months”. The Czech Foreign Ministry confirmed the breach, but denied that classified information was stolen.
  • claims that it is “the biggest (Czech) security scandal of recent years”. They claim that the stolen data also related to Czech allies, meaning NATO & EU members.
  • The Czech Foreign Ministry immediately formed a special interagency group to vet which information the hackers obtained. The Czech cyber unit from the National Security Authority is now investigating the case.
  • Czech Foreign Minister Lubomír Zaorálek said at the Tuesday emergency press conference that:

– The Czech Foreign Ministry detected the ongoing attack in early January 2017.

– The hackers breached the external mailing system of the Czech MFA, which doesn’t transfer classified files. The internal mailing system of the MFA (which carries classified information) wasn’t breached, the Minister said.

– “Tens of MFA employees” were hit, including the MFA leadership and the Foreign Minister himself.

– The Ministry didn’t inform the public right away in early January, as Czech security institutions were “studying the hackers”.

– The Czech Foreign Minister said that the attack was “very sophisticated” and was probably carried out by “a state-like actor”.

– The Czech Foreign Minister also claimed that the attack was of a “similar nature” to the DNC hacks.

  • On February 1, a Czech media outlet published leaked extracts from an internal report of the National Cyber Security Centre (NCSC), which is currently processing the cyber-attack on the Czech Ministry of Foreign Affairs:

– 7119 documents were stolen, 48 of them directly from the Foreign Minister Zaorálek’s inbox

– the attacker “basically maintained undisturbed access to any of the email accounts of the Ministry”

– the breach lasted for nearly one year

– 168 accounts/users were compromised, including the Minister and his Undersecretaries

– the holder of the information may, according to the NCSC, gain “strategic advantage” over the Czech Republic

– according to the report, the information obtained may also be used for attacks on domestic institutions and foreign partners. The attackers now have information about procedures used in Czech state institutions, which can easily be abused.

– besides personal correspondence, the attacker managed to get, for example, a task table from EU Military Committee (EUMC) meetings at the level of Chiefs of General Staff and a record from a session of the Czech Government’s Internal Security Committee.


For comments on Kremlin disinformation and influence operations please contact:

Jakub Janda
Head of Kremlin Watch Program
Deputy Director of European Values Think-Tank


For comments on cyber security please contact:
Vlado Bízik
+421 908 60 11 88