Czech security service says Russia behind cyber attacks on ministry

A man walks past the Ministry of the Interior building in Prague, Czech Republic, 06 February 2017. The Czech Ministry of the Interior set up its unit, Centre Against Terrorism and Hybrid Threats, on 01 January 2017. [EPA/MARTIN DIVISEK]

Russia’s intelligence services were behind cyber attacks targeting the Czech foreign ministry last year, the Czech security service said on Monday (3 December) in its annual report.

The BIS counter-intelligence service has long warned against Russian activity in the Czech Republic, a member of NATO since 1999 and of the European Union since 2004. Many other Western countries have issued similar warnings.

In its report, BIS said two separate attacks on the Czech foreign ministry were partly the work of the APT28 hacking group, which is linked to the Russian government and has been blamed for past attacks in Germany and the United States.

UK intelligence services: We don't disclose every cyber vulnerability

In a landmark move, the UK intelligence services unveiled on Thursday (29 November) the process by which they decide to disclose security vulnerabilities to technology firms. Not every weakness discovered in a system is always disclosed to the company in question, they revealed. 

“All the findings make clear that it was the Turla cyberespionage campaign, originating from the FSB, a Russian intelligence service, and APT28/Sofacy, which is credited to the Russian military intelligence, the GRU,” the annual report said.

In a hack of the ministry’s information system, it said, attackers accessed more than 150 staff mailboxes, copying emails and attachments. “They thus obtained data that may be used for future attacks, as well as a list of potential targets in virtually all the important state institutions,” it said.

The Czech foreign ministry said at the time it believed a foreign state was behind the cyber attacks on it but said no confidential material was compromised.

As in previous years, the report warned of Russia’s continued use of undeclared intelligence officers acting under diplomatic cover as part of a general hybrid strategy against member states of the European Union and NATO.

Germany: Critical cyberattacks target government and military networks

German security services have revealed that critical national infrastructures such as government and military networks have been the target of a series of cyberattacks in November, raising broader concerns about their overall resilience.

The Russian government was not immediately available on Monday to comment on the BIS accusations.

BIS also reported increased activity by Chinese intelligence officers and a growing worry of espionage in the economic, scientific and technical domains.

Czech President Milos Zeman has vigorously promoted political and business ties with both China and Russia.

BIS said it had also detected several attacks against Czech military targets, with the most serious compromising several private email accounts of people linked to the Defence Ministry and army and also compromising an IP address by malware know as X-Agent.

Can the EU lead on cybersecurity?

Cybersecurity has become a prominent topic on the EU policy agenda. The NIS directive, the EU’s first cybersecurity law, went into effect in May of this year. And the European Commission proposed more legislation, known as the cybersecurity act, in September 2017.

Subscribe to our newsletters