Czech cyber agency NUKIB flags Chinese espionage risks to critical infrastructure

Pierluigi Paganini
September 08, 2025

Czech cybersecurity agency NUKIB warns of Chinese cyber threats to critical infrastructure, citing the cyberespionage group APT31 and risky devices.

The Czech Republic’s National Cyber and Information Security Agency (NUKIB) warns of growing risks from Chinese-linked technologies in critical sectors like energy, healthcare, transport, and government. The agency singles out Chinese-made products such as phones, cars, cameras, and LLMs.

“The penetration of these technologies and devices into critical industries (such as transport, energy, healthcare, public administration and others) is growing and will continue to grow in the future. Current critical infrastructure systems are increasingly dependent on storing and processing data in cloud storage and on network connectivity that allows remote operation and updates,” reads the statement published by NUKIB. “In practice, this means that suppliers of technological solutions have the ability to fundamentally influence the operation of critical infrastructure and/or access important data, and trust in the reliability of the supplier is therefore absolutely crucial.”

The Czech agency warns of data transfers and remote asset control by China-linked threat actors. Entities subject to the Cyber Security Act must address the threat.

Many devices and cloud services transmit data to or are managed from China, giving suppliers deep influence over operations and access to sensitive data. Risky products include IP cameras, PV inverters, smart meters, healthcare tech, phones, cars, and AI models.

“Another risk factor is the increasing number of devices that are connected to the Internet, also transmit data and are remotely managed by their suppliers,” continues the statement. “Examples of risky products and services that may transmit data to or are managed from the PRC include IP cameras, PV inverters, so-called ‘smart meters’, healthcare, cloud storage, highly complex personal devices (phones, watches), connected vehicles (electric cars), large language models and others;”

NUKIB cited the attacks by the China-linked cyberespionage group APT31 against Czech ministries and NATO allies.

In May 2025, the Czech government strongly condemned China after the cyber espionage group APT31 was linked to a cyberattack targeting the nation’s critical infrastructure.

The Czech government condemned China after APT31 hackers infiltrated a ministry’s unclassified system in 2022 and remained undetected. A joint investigation by Czech intelligence agencies led to a “high-degree of certainty” in attributing the attack to China. Officials said the cyber campaign threatens national security and contradicts China’s public statements.

Czech intelligence and cybersecurity agencies jointly investigated the incident, reaching a high-confidence conclusion about the actor behind the attack. 

The EU, its Member States, and NATO Allies expressed strong support and solidarity with Czechia following the cyberattack.

The statement did not include any technical details on the intrusions or what was stolen, but public reports say the affected systems have since been rebuilt and isolated.

The European Union issued a separate statement condemning the APT31 activity and warned that Chinese hackers have ramped up attacks against member states. The EU also noted that states should not allow their territory to be used for malicious cyber activities.

APT31, also known as Zirconium or Judgment Panda, has been operational for more than a decade, stealing diplomatic cables, industrial designs, and political strategy documents from Europe, North America, and Asia. 

The Czech cybersecurity agency pointed out that in China, laws and politics give authorities broad power to access data, pressure private firms, and compel their cooperation in state-led espionage.

Czech organizations are required to view cyber risks linked to China as serious and put proper protections in place, even if there’s no outright ban. For everyday citizens, the warning isn’t binding, but it’s still wise to stay alert, think carefully about the technology you use, and pay attention to what data you’re sharing and with whom.


(SecurityAffairs – hacking, NUKIB)





