By RFE RL
By Tony Wesolowsky*
(RFE/RL) — A recent wave of coordinated cyberattacks in the Czech Republic is likely tied to malware linked to Russia, Czech Internet security experts say.
Earlier this month, Czech officials said information-technology (IT) systems at Prague’s international airport, several hospitals, and the Health Ministry were targeted in the attacks, which sparked outrage in Prague — and Washington, as well.
On April 22, the Czech Interior Ministry said its IT systems were also targeted in the attacks, all of which were thwarted and were preceded by warnings from the country’s cybersecurity watchdog of expected cyberattacks on critical infrastructure.
U.S. Secretary of State Mike Pompeo on April 17 expressed concern over the incidents, saying anybody engaged in such activity should “expect consequences.” He said the attacks, particularly those targeting medical facilities, were especially worrying, given the current global coronavirus crisis.
The Russian Embassy in Prague on April 17 denied any Russian link to the attacks, although Czech officials have made no such accusations.
The Czech cybersecurity watchdog NUKIB has said the attacks were thought to be the work of a “serious and advanced adversary,” although it did not name any countries.
Tools used in the coviper malware attack were first detected in January, explained Miroslav Dvorak, technical director for the Slovak-based Internet security firm ESET.
“MBR Locker was detected in Russia and China at the beginning of January,” Dvorak said. “At the time, we did not connect it with any security incidents.”
The malware used in the attacks is designed to damage or destroy victims’ computers, Dvorak explained, adding that it has a possible Russian link.
“It’s impossible to pinpoint where the attacks originated, but the tool MBR Locker, with which it was created, is in the Russian language. So are the instructions for using it, and they can be found on forums used by Russian hackers,” Dvorak said in comments sent to RFE/RL.
He added that the digital trail also led to IP addresses in China.
‘Probing For Weaknesses’
The Czech Interior Ministry said the attacks on its IT systems were more an attempt to find weak points rather than to take them out of operation, in contrast to the attacks on the hospitals and Prague’s Vaclav Havel Airport.
Interior Ministry spokesman Jiri Korbel said on April 22 the ministry had been forewarned by NUKIB and the National Center for Combating Organized Crime. “They attacked the external e-mail of the Interior Ministry. It appeared to be preparations for something truly big,” Korbel told the news website Lidovky.cz.
A source told Lidovky that Czech investigators were cooperating in the probe with foreign partners, including the FBI. “Of course, we’re working with the FBI. That’s why Mike Pompeo intervened,” the source was quoted as saying.
NUKIB said late last year that Russia and China posed the biggest threat to cybersecurity in the country. It added that China was behind a major cyberattack on a key government institution in the Czech Republic last year.
In October 2019, the head of the Czech Security Information Service (BIS) announced his agency had dismantled a Russian espionage network that was meant to be used for cyberattacks against the Czech Republic and its allies.
Michal Koudelka said the network was supported by the Russian Embassy in Prague and Russia’s Federal Security Service (FSB).
Differing On The Past
The cyberattacks come at a moment when relations between Moscow and Prague are particularly tense, especially after a controversial statue of a Soviet-era marshal was taken down in a district of Prague.
Moscow considers the April 3 removal of the statue of Marshal Ivan Konev, who led the Red Army forces during World War II that drove Nazi troops from most of Czechoslovakia, an insult and an attempt to rewrite history.
The statue, erected in 1980, of Konev, who also played a leading role in crushing the 1956 Hungarian uprising and building the Berlin Wall in 1961, was a reminder to many Czechs of the country’s communist past and the center of controversy in Prague for years.
Ondrej Kolar, the district mayor of Prague 6, where the Konev statue stood, is now under police protection, the Czech news magazine Respekt reported on April 22.
According to an unidentified source quoted by Respekt, “a Russian citizen has traveled to Prague, who could pose a threat to Kolar.” The source also said a “group of Russian intelligence officers” had been monitored moving from Russia to Europe.
It highlights the two countries’ widening chasm on interpreting the past, and it’s not an isolated incident.
In November 2019, another district mayor in Prague proposed building a monument to a controversial World War II military division made up of Soviet defectors called the Vlasov Army that fought alongside the Nazis.
Relations between Prague and Moscow also soured over a Czech decision to rename the square where the Russian Embassy is located.
Two months ago, Prague officials dedicated the leafy square in front of the embassy complex to former Russian Deputy Prime Minister Boris Nemtsov, who was fatally shot in February 2015, meters away from the Kremlin walls. He was an outspoken critic of President Vladimir Putin.
Despite the strains in bilateral ties, Moscow can count on some support in Prague, namely from Czech President Milos Zeman, who echoed Kremlin outrage over the removal of the Konev statue as an “abuse of the state of emergency” declared due to the coronavirus crisis in the Czech Republic.
In the past, Zeman has spoken out against the sanctions imposed on Russia for its annexation of Ukraine’s Crimean Peninsula and its efforts to foment unrest in parts of eastern Ukraine, where more than 13,000 people have died since the conflict erupted there in April 2014.
In 2016, Zeman voiced his backing for holding public referendums on the country’s membership in both NATO and the EU, although he add that he personally favored remaining in both.
In 2015, Zeman attended events in Moscow to mark the 70th anniversary of the end of World War II, ignoring a boycott by other Western leaders who stayed away in protest over Russian actions in Ukraine.
Experts have said Zeman, an anti-immigrant populist, may have received backing from the Kremlin in his bid to win reelection in 2018.
- Tony Wesolowsky is a senior correspondent for RFE/RL.