Cyber: Statement by the High Representative on behalf of the European Union on malicious behaviour in cyberspace against Czechia

The European Union and its Member States, together with international partners, stand in solidarity with Czechia regarding the malicious cyber campaign that targeted its Ministry of Foreign Affairs.

Czechia determined the cyber-attack has been perpetrated by the Advanced Persistent Threat 31 (APT31) that is associated with the Ministry of State Security of China.

In recent years, malicious cyber activities linked to this country and targeting the EU and its Member States have increased. In 2021, we urged Chinese authorities to take action against malicious cyber activities undertaken from their territory. Since then, several Member States have attributed similar activities at their national level. We have repeatedly raised our concerns during bilateral engagements and we will continue to do so in the future.

We strongly condemn malicious cyber activities, which are contrary to the United Nations framework of responsible state behaviour in cyberspace, and which all UN Member States have endorsed. We call upon all states, including China, to refrain from such behaviour, to respect international law and to adhere to the UN norms and principles, including those related to critical infrastructure. In this context, we reiterate that states should not allow their territory to be used for malicious cyber activities.

The European Union reaffirms its strong commitment to prevent, deter and respond to malicious behaviour in cyberspace and stands ready to take further action when necessary. We will continue to cooperate with our international partners to promote due diligence and responsible state behaviour in cyberspace, with the aim to ensure a global, open, free, stable and secure cyberspace.

Albania, Bosnia and Herzegovina, Iceland, Liechtenstein, Montenegro, North Macedonia, Norway, Republic of Moldova and Ukraine align themselves with this statement.