Moscow-Linked Hackers Behind Cyber Attacks in Czech Republic: Officials

It was only for email that was specially modified to reach Outlook from Microsoft. The recipient didn’t even have to read it, let alone click on anything in it or open any attachments. Nevertheless, the authors later obtained highly sensitive credentials and were able to steal information.

Cyber ​​attacks on Czech authorities or companies are not unusual. But now – for the first time in history – the Ministry of Foreign Affairs has pointed to Vladimir Putin’s government as the culprit. After the Babis government’s statement in April 2021 that the Russian GRU was behind the explosions in Vrbětice, the Fial government has now publicly attributed cyber attacks on the Czech Republic to Russia as well.

So he stood on the side of the German government, which was Friday at the same time she announced, that the Russian secret service GRU is also behind the attack on the German social democracy (SPD) and other targets in the field of military, logistics and aviation. List Reports, based on sources in the security community, provides details on Russian hacking activities.

In the Czech Republic, the Security Intelligence Service and Military Intelligence worked to detect the attack. And according to two Seznam Zpráv sources from the security community, Russian intelligence officials targeted dozens of institutions – for example, in the field of security or energy.

A group of experts known as APT28 is behind the work, according to sources. Even previous American investigators recognized, that it is unit 26165 of the Russian secret service GRU. That is, the same military intelligence behind the explosions in Vrbětice.

Lukáš Kintr, the director of the National Office for Cyber ​​​​​​Security, also confirmed for Seznam Zprávy that it was the aforementioned GRU agency.

“Our national analyzes clearly point to the state-sponsored group APT28 as the source of cyber attacks and long-term harmful effects against Czech state institutions,” he told Seznam Zprávám. “There is no doubt about the involvement of the Russian military intelligence GRU in the activities of this group. This deliberate, reckless and destructive activity by Russia was intended to pose a serious threat to the security and stability of our country, and I’m glad we were able to find it and identify it.”

“Together with the other security forces of the state and compared to the decisions of our foreign friends, we came to the same conclusions as Germany,” he said.

According to the Ministry of Foreign Affairs, APT28 has a long-term focus on the Czech Republic.

“Russia has been trying to subvert the democracy and security of the Czech Republic in various ways for a long time. We have many examples: the explosion in Vrbětice, the operation of the Voice of Europe influence or cyber attacks. Czech diplomacy always defends the Czech Republic against Russian imperialism. Publicly pointing the finger at a specific aggressor is an important tool for protecting national interests,” said Foreign Minister Jan Lipavský (Spoons).

One of the attacks that took advantage of a previously unknown security vulnerability in the email program was previously released by Ukrainian experts. Microsoft fixed it a year ago. At the same time, however, he said that it has been used against sensitive targets since at least April 2022, i.e. shortly after the Russian invasion of Ukraine.

“In the context of the upcoming European elections, national elections in several European countries and the ongoing Russian aggression against Ukraine, these actions are particularly serious and reprehensible. We ask the Russian Federation to stop these actions,” said the Chernin Palace in a statement. The Czech Republic also requested support at the level of the EU and NATO.

“We are determined to deal strongly with this unacceptable behavior together with our European and international partners,” said Czech diplomacy.

At the same time, Czech diplomacy is proceeding in coordination with the German government. German Foreign Minister Annalena Baerbock threatened Russia when she visited Australia.

“Russian state spies attacked Germany in cyberspace,” said Germany’s foreign minister, who said an investigation led by her office clearly showed a group behind the attack. APT28, which is controlled by the GRU. “This is completely unacceptable and will not go without consequences,” she warned.

EU already two Russians is allowed in 2020 in connection with the hacker attack on the German parliament.

It is not public whether the GRU was successful in its hacking operation in the Czech Republic and gained access to information within the government. In addition, the Czech security forces know the scope of the operation.

“It is not easy to assess the real impact of the attack in the world, because it did not require user interaction for its success,” said one of Seznam Správ’s sources in the security community.

BIS counterintelligence, which repeatedly draws attention to Russian hybrid activity in its public annual reports, did not comment on the case when asked by Seznam Zpráv. Spokesman Ladislav Šticha only confirmed in general terms that she participated in the publication.