By Jason Hovet
PRAGUE (Reuters) – Russia’s intelligence services were behind cyber attacks targeting the Czech foreign ministry last year, the Czech security service said on Monday in its annual report.
The BIS counter-intelligence service has long warned against Russian activity in the Czech Republic, a member of NATO since 1999 and of the European Union since 2004. Many other Western countries have issued similar warnings.
In its report, BIS said two separate attacks on the Czech foreign ministry were partly the work of the APT28 hacking group, which is linked to the Russian government and has been blamed for past attacks in Germany and the United States.
“All the findings make clear that it was the Turla cyberespionage campaign, originating from the FSB, a Russian intelligence service, and APT28/Sofacy, which is credited to the Russian military intelligence, the GRU,” the annual report said.
In a hack of the ministry’s information system, it said, attackers accessed more than 150 staff mailboxes, copying emails and attachments. “They thus obtained data that may be used for future attacks, as well as a list of potential targets in virtually all the important state institutions,” it said.
The Czech foreign ministry said at the time it believed a foreign state was behind the cyber attacks on it but said no confidential material was compromised.
As in previous years, the report warned of Russia’s continued use of undeclared intelligence officers acting under diplomatic cover as part of a general hybrid strategy against member states of the European Union and NATO.
The Russian government was not immediately available on Monday to comment on the BIS accusations.
BIS also reported increased activity by Chinese intelligence officers and a growing worry of espionage in the economic, scientific and technical domains.
Czech President Milos Zeman has vigorously promoted political and business ties with both China and Russia.
BIS said it had also detected several attacks against Czech military targets, with the most serious compromising several private email accounts of people linked to the Defence Ministry and army and also compromising an IP address by malware know as X-Agent.
(Reporting by Jason Hovet; Editing by Gareth Jones)