An “invisible front” has opened in the Czech Republic. Why do Russian spies want to read our emails?

--

Institutions in the Czech Republic are being attacked by Russian hackers connected to GRU military intelligence. Last week, the Ministry of Foreign Affairs issued a major statement citing the Czech secret services. According to them, the hacker group APT28 exploited a previously unknown vulnerability in the Microsoft Outlook e-mail client. Of what use can the e-mails of Czech ministries be to Russia, and are the cyber attacks related to Czech support for Ukraine?

The Foreign Ministry’s emphatic statement that Czech institutions have been the target of attacks by the Russian hacking campaign known as APT28 since last year may have given the impression that Russian cyberespionage on Czech territory is a new phenomenon. In fact, however, there are records of it dating back many years. Specifically, APT28 is also mentioned in the annual reports of the domestic counterintelligence service BIS from 2016 or 2017, where it is described as “the most active and visible Russian cyberespionage campaign”.

Even at that time, our counterintelligence also noted attempts to break into the e-mail accounts of key institutions, including the private accounts of persons with ties to them. “The APT28/Sofacy campaign does not only target data as such, but has recently focused on stealing personal data and login credentials to information and communication systems,” says a 2016 BIS report, for example, according to which attackers can use e-mails to learn, among other things, “a lot of personal information about their owners”, which they can subsequently use, for example, for blackmail. In 2019, the National Office for Cyber and Information Security (NÚKIB) also reported on an attack by a foreign state power on the Ministry of Foreign Affairs.

Uncertainty around Outlook

The only novelty in this regard is the uncertainty regarding the Microsoft Outlook e-mail client, widely used in the state administration, whose internal vulnerability was found and exploited last year by hackers connected to GRU military intelligence. For tactical reasons, the Ministry of Foreign Affairs did not specify to what extent the Russian efforts were successful or what data and information the Russian spies ultimately gained access to via Outlook.

Jan Paďourek, chief director of the internal security section of the Ministry of the Interior, who worked in the Czech intelligence services for more than 20 years, told the Echo24 newspaper that the seizure of any official communication of this kind is a problem and the Czech Republic will continue to try to protect this information.

“On the other hand, e-mail servers should not be so risky, because in theory no sensitive communication should ever take place over e-mails and information that is kept in any degree of secrecy should not be communicated through them,” says Paďourek. He admits, however, that the e-mails of ministries and other state offices may be of interest to Russian intelligence services.

This is because they contain sensitive information regarding state organizations that are key, for example, to the country’s foreign, security or economic policy. “There is official communication that can be useful to the adversary, because it is full of all kinds of information from which the Russians can form a more concrete picture. From this point of view, it is pure cyber espionage,” he adds.

The Czech Republic as part of the “invisible front”

According to the chairman of the parliamentary security committee, Pavel Žáček (ODS), the current wave of Russian attacks is related to the support of Ukraine by the alliance countries. “They are trying to reduce our capacities. It is necessary to resist this, because today these capacities are not national, but shared, collective,” said Žáček in the ČT24 Interview program. In this context, he talks about fighting on the so-called “invisible front”.

Paďourek also agrees that the Czech Republic is part of this “invisible front”. “I really think it is, because all the activities we’re talking about are hostile in nature. This means that it is not something that should make our life easier here, but on the contrary it complicates our life,” he says, adding that “any attack on Czech servers means in a way the involvement of the Czech Republic in a war conflict, because for Russia and some other country it is part of the operation”.

But it is not necessarily only about monitoring the e-mail communication of ministries. According to Paďourek, Russia also wages hybrid warfare by spreading various narratives, such as questioning our Euro-Atlantic integration and the Czech Republic’s membership in NATO or undermining support for Ukraine.

The current wave of Russian attacks was also confirmed by neighboring Germany and Poland. The German Minister of the Interior, Nancy Faeser, specified that, in addition to political parties, the same group (APT28) attacked private companies in Germany: arms, aviation and logistics companies. Paďourek did not want to comment on whether the attacks also affected Czech armaments companies, which play an important role in terms of commercial supplies of equipment and materials to Ukraine.

“I can’t comment on it explicitly. On the other hand, it has a certain logic, because even the private sector, especially in the arms industry, participates in the military support of Ukraine, and the Russian adversary is of course interested in disrupting, or at least complicating, the flow of weapons to Ukraine,” he said.
