Czechia launches global campaign calling out Chinese cyber intrusion

What is happening?

On May 28, 2025, the Czech government formally announced that it deemed the People’s Republic of China responsible for a cyberattack on a communication network of its Foreign Ministry which exposed a high number of unclassified emails. Elaborating on further details, the Ministry highlighted that “the malicious activity, which lasted from 2022 and affected an institution designated as Czech critical infrastructure, was perpetrated by the cyberespionage actor APT31 that is publicly associated with the Ministry of State Security.”

Three Czech intelligence agencies, along with the Czech National Cyber and Information Security Agency, investigated the penetration and made a formal attribution. As a sign of solidarity, the EU, NATO, and multiple countries, including Taiwan, condemned China and called on Beijing to refrain from such activities in the future. The Czech Foreign Ministry summoned the Chinese Ambassador in Prague to convey a formal diplomatic protest.

 

What is the broader picture?

The PRC is the most pressing hostile cyber actor in terms of its institutional capacity and willingness to conduct sophisticated intrusions into the critical infrastructure of Western democracies. It is a regular practice for European governments to expose and publicly call out Russian state-connected hackers. However, raising public accusations against China for cyberattacks has yet to become a common practice across Europe, due to concerns about Chinese state economic coercion.

From the Czech perspective, this is historically the first time that the Czech government has used the formal attribution mechanism against a foreign attacker in the cyber domain, including a coordinated communication campaign through allies to reach global audiences. At the same time, Prague decided not to publicly expel Chinese diplomats or Ministry of State Security-linked intelligence officers from the Chinese Embassy in Prague, which would have been a significant move by European standards of deterring Chinese state hostilities through symbolic punishment.

 

Why is it important?

Beijing has intensified its cyber-offensive against Western democracies so that it can obtain public information from European governments with malicious intent. European governments have become accustomed to acknowledging China’s cyberattacks in their national security assessments and corresponding strategies, but public push-back from European governments against China over specific cases remains rare. Countries fear a hostile reaction from Beijing and therefore show a degree of concern about harming bilateral engagements.

A recurring issue is that even if European governments decide to take public action to expose the scope of Chinese cyber hostilities, there is often little effort to make such defensive action politically impactful in order to truly harm China’s geopolitical interests in Europe. What European governments could do beyond public announcements would be to expel a number of intelligence-affiliated Chinese officials from their bilateral embassies or to require this agenda to be formally negotiated on behalf of the attacked member state by EU or NATO officials with their Chinese counterparts. Such actions would ensure that the Chinese leadership would feel at least some degree of diplomatic consequences, as even penetrating a relatively small member state might make their agenda with bodies like the EU or NATO more difficult. If more EU or NATO member states were to decide on such diplomatic collective defense responses, it would alter the strategic and operational calculus of Chinese diplomatic and intelligence leadership.