PRAGUE — The Czech Republic has issued a rare and sharply worded rebuke of the People’s Republic of China, formally attributing a long-running cyber-espionage campaign targeting its Ministry of Foreign Affairs to APT31 — a notorious hacking group directly associated with China’s secret police, which has systematically targeted U.S. politicians, election candidates and campaign staff, journalists, corporations, and critics of the Chinese Communist Party, alongside similar assaults on Canada and democracies worldwide.

The attack, which began in 2022 and compromised a foreign ministry network designated as critical infrastructure, was described by Czech officials as a malicious campaign tied to one of Beijing’s most aggressive cyber units and a known component of the Ministry of State Security’s (MSS) broader strategy of political, technological, and psychological penetration of rival states.

The attribution citing Wuhan-based APT31 followed a detailed joint investigation led by the Czech Security Information Service (BIS), Military Intelligence, the Office for Foreign Relations and Information, and the National Cyber and Information Security Agency.

“These activities undermine the credibility of the People’s Republic of China and contradict its public declarations,” the Czech government stated. “They are contrary to the norms of responsible state behavior in cyberspace as endorsed by all UN Members.”

Czech Foreign Minister Jan Lipavský announced, “I summoned the Chinese ambassador to make clear that such hostile actions have serious consequences for our bilateral relations,” yesterday on social media platform X.

The BIS, Czechia’s domestic intelligence service, also addressed the issue in its 2024 annual report. The agency warned that cyber operations are only one facet of the threat posed by Chinese state actors, writing: “The Chinese embassy logically focuses on gaining information about the Czech political scene.”

The campaign drew swift and strong expressions of solidarity from the European Union, NATO allies—and from Taiwan, which many officials and experts now view as the front line of China's cyber and cognitive war playbook.

Taiwan’s former foreign minister Joseph Wu posted: “We firmly stand with Czechia and strongly condemn China’s cyberattack. As a fellow democracy suffering from similar attacks and malicious information manipulation, Taiwan will work closely with our partners to fend off authoritarianism.”

APT31 has been implicated in numerous cyber intrusions targeting democratic institutions and government personnel across North America, Europe, and Asia. While APT31 was not specifically named in a 2021 U.S. Department of Justice indictment, the indictment did charge four MSS officers from another provincial intelligence bureau, the Hainan State Security Department, for coordinating cyberattacks against dozens of targets across 12 countries—including research institutions working on COVID-19 vaccines, treatments, and supply chains.

The DOJ indictment, on the pandemic-era attacks, suggests MSS’s cyber attacks were timely and opportunistic—more akin to hybrid warfare than simple espionage—designed to accelerate China’s global advantage during the pandemic and to degrade the strategic resilience of other nations at their most vulnerable moments.

A parallel 2021 advisory from the U.S. Cybersecurity and Infrastructure Security Agency, FBI, and allied agencies in Canada, the UK, Australia, and New Zealand explicitly named APT31 and other MSS affiliates as actors behind “coordinated cyber campaigns” against the healthcare, energy, and public health sectors. These campaigns, the advisory said, were “consistent with PRC objectives to obtain sensitive data, disrupt public trust, and support geopolitical positioning.”

Then, in March 2024, the U.S. Department of Justice unsealed a sweeping indictment against seven Chinese nationals linked to APT31. Prosecutors allege the group operated from Wuhan and engaged in a global hacking operation for over 14 years, targeting journalists, academics, government officials, and political dissidents.

“These allegations pull back the curtain on China’s vast illegal hacking operation that targeted sensitive data from U.S. elected and government officials, journalists, and academics; valuable information from American companies; and political dissidents in America and abroad. Their sinister scheme victimized thousands of people and entities across the world, and lasted for well over a decade,” said U.S. Attorney Breon Peace for the Eastern District of New York.

An overview of the indictment explained “Through their involvement with the APT31 Group, since at least 2010, the defendants conducted global campaigns of computer hacking targeting political dissidents and perceived supporters located inside and outside of China, government and political officials, candidates, and campaign personnel in the United States and elsewhere and American companies.”

Canadian intelligence reported by The Bureau alleges that regional MSS bureaus across China competed for impact in Canada’s 2019 federal election, suggesting the brute force that decentralized MSS teams seek to impact upon foreign nations to achieve high-level objectives for MSS bosses in Beijing. In Canada’s case, The Bureau reported, MSS teams sought to win the release of Huawei executive Meng Wanzhou, rather than having her extradited to American justice, which would pose a catastrophic risk to Beijing’s security arms.

China’s offensive cyber ecosystem is not limited to APT31.

Another MSS-directed group, APT40—also known by aliases including Kryptonite Panda—has been active since at least 2009 and operates out of Haikou, Hainan Province. According to U.S. government assessments, APT40 has targeted government entities, corporations, and universities across a wide range of sectors including biomedical research, robotics, and maritime technology. Its reach has spanned the United States, Canada, Europe, the Middle East, and the South China Sea—often aligned with China’s strategic goals under the Belt and Road Initiative.

The new Czech attribution, combined with the pandemic-era MSS cyber assault wave, and The Bureau’s exclusive revelations of MSS’s calibrated and aggressive 2019 election interference—according to CSIS documents—reveals the broader architecture of China’s non-kinetic warfare playbook: a campaign of continuous digital intrusions, information distortion, and political influence calibrated to remain below the threshold of open conflict, but always available to escalate.

At a 2024 conference in Ottawa attended by U.S. and Taiwanese officials, Shun-Ching Yang of Doublethink Lab and Eve Chiu of the Taiwan FactCheck Center warned that Taiwan has lived for decades under this form of “cognitive warfare”—a term used to describe China’s deliberate campaign to reshape perceptions, sow division, and disable democratic defenses through information dominance.

Yang and Chiu described how Taiwan’s government has exposed and countered efforts by the Chinese Communist Party to covertly fund disinformation websites, deploy fake social media accounts, and push false narratives into Taiwanese elections. One online journalist was charged in Taiwan for allegedly publishing fake polls during the 2024 presidential campaign, acting on instructions from CCP officials in Fujian province.

To conceal attribution, the CCP now routes many of its bot-driven propaganda operations through servers and agents in Cambodia—a proxy state for Chinese intelligence. Sophisticated, automated accounts flood WeChat, Twitter, and other platforms with disinformation dressed in local political commentary, targeting ethnic groups and migrant workers to provoke tension.

Asked what warning they would offer to Canadians, given evidence that Chinese-controlled digital networks attacked the Conservative Party in the 2021 federal election and smeared British Columbia MP Kenny Chiu as an anti-Asian racist after he introduced a foreign interference bill, both experts were clear.

“China has a very sick skill in reframing thinking of the society,” Yang said. “We have to be very careful about their sophisticated brainwashing of ideology, which we call cognitive warfare.”

“We have been facing this for decades, ever since I was a child,” Chiu added. “I think China’s government is trying to colonize Canada, because you are an ally of the United States. So they are trying to manipulate Canada against the U.S., because now is a very big competition between China and the U.S.”

The Czech Republic’s investigation shows how far this competition now extends—from the neural networks of fake social media posts to the physical servers of foreign ministries.

Editor’s Note: This story was updated with information from DOJ’s 2024 indictment against MSS operatives in APT31, and to clarify that Joseph Wu is former foreign minister for Taiwan, and now Secretary-General, Taiwan National Security Council.