BRUSSELS — The Czech government on Wednesday condemned China for carrying out a cyberattack against its foreign ministry exposing thousands of unclassified emails.

Czechia said that the Chinese state-sponsored group Advanced Persistent Threat 31 (APT31) targeted the foreign ministry from 2022 — the year the country held the rotating EU presidency — and was able to read unclassified emails sent between embassies and EU institutions. 

The Czech foreign minister, Jan Lipavský, said he would summon the Chinese ambassador immediately to explain the findings and tell him this would damage the countries’ bilateral relations.

 “With today’s move, we have exposed China, which has long been working to undermine our resilience and democracy,” Lipavský said. “Through cyberattacks, information manipulation, and propaganda, it interferes in our society — and we must defend ourselves against that.” 

It is the first time the Czech government has attributed a national cyberattack to a state-backed actor.

An investigation conducted by the Security Information Service, Military Intelligence, Office for Foreign Relations and Information, and National Cyber and Information Security Agency (NUKIB) provided Czech authorities with a high degree of certainty about who was behind the targeting of the ministry.

APT31 is run by China’s ministry of state security from the city of Wuhan, according to the U.S. justice department.

The group has been accused of high-profile attacks in the past, including targeting the personal emails of campaign staff working for U.S. presidential candidate Joe Biden in 2020. In 2024, the U.K. and U.S. imposed sanctions on individuals tied to APT31.

The alleged Chinese hack sparked outrage in Brussels, among the EU’s top brass and at NATO headquarters.

“The European Union and its Member States, together with international partners, stand in solidarity with Czechia regarding the malicious cyber campaign that targeted its Ministry of Foreign Affairs,” the EU’s top diplomat, Kaja Kallas, said in a statement.

“We call upon all states, including China, to refrain from such behavior, to respect international law and to adhere to the UN norms and principles, including those related to critical infrastructure,” Kallas added.

“Cyber threat actors persistently seek to destabilize the Alliance. We remain committed to expose and counter the substantial, continuous and increasing cyber threat, including to our democratic systems and critical infrastructure. We are determined to further improve our capabilities and resilience and to employ the necessary capabilities in order to deter, defend against and counter the full spectrum of cyber threats to support each other,” the NATO military alliance said in a statement Wednesday.

Jacopo Barigazzi contributed to this report.