Who Attacked Czechia in April 2020?

On Friday, April 17th, 2020, the Brno University Hospital in the Czech Republic experienced a massive cyber attack. Between the hours of 5am and 8am "something" occurred on their network. The "something" was bad enough that the entire network had to be shut down. Officials working with the Czechian government attempted to "recover" the data loss.

Immediately when I hear "data recovery," I can assume that data was destroyed.  Also when an entire network is shut down, the incident implies that the malware was spreading.  With these two pieces of information I am going to make the leap and say that the Brno University Hospital had ransomware.

It's a safe assumption.

The news was big enough to make it to the western hemisphere as well [8].  Mike Pompeo wagged his finger at the screen saying:

“We call upon the actor in question to refrain from carrying out disruptive malicious cyber activity against the Czech Republic’s healthcare system or similar infrastructure elsewhere,”

and further:

“The United States has zero tolerance for malicious cyber activity designed to undermine U.S. and international partners’ efforts to protect, assist, and inform the public during this global pandemic...expect serious consequences."

My curiosity revolves around who-dun-it. Brno University Hospital is the biggest institute in the city of Brno that was doing Covid-19 tests. So it was a big target. A spokesperson for the hospital said that they encounter cyber attacks of this nature regularly and have defended against all of them [4]. Which is what a good face for the company should say. However, the flip side of the coin would mean that something was different this time. If these had been blocked before, what's different?

This attack had even been flagged a few days prior by Czechia's National Cyber and Information Security Agency (NUKIB), which stated that infrastructure was "at risk."

Coincidentally, another hospital in Czechia experienced strange activity a few days before. They reported elevated levels of scans occurring against their network. They were smart and made backups immediately. [4]

NUKIB stated that a "serious and advanced adversary" was responsible. It kind of blows my mind that NUKIB would say this. The nation's cyber-security agency publicly said that an advanced adversary was responsible. I don't think any government agency in our world would make this statement lightly.

The United States knew almost immediately that the Czech Republic health, "and other" [8] infrastructure was at risk. There are only a small handful of "serious and advanced adversaries" in our world. Honestly, America knew who the culprit was.

Let's flash forward 3 months.  It is now July 2020.

In mid-July, Britain's National Cyber Security Centre publicly announced that Russian hackers sponsored by the state were attempting to steal COVID-19 related data.

Of course the Russian news agency denied all of these allegations, basically saying "You can't prove it..."

The NCSC pinned the attacks on a group named APT29, stating that a variety of tools and spear-phishing were in use. [7]

Now it is August 2020.

Russia has a vaccine!! [9] Unfortunately, experts say they have cut corners and rushed the vaccine out the door. Their health officials say it is "safe and effective"; even Putin's daughter got the vaccine. But what else can you expect from a country where a majority of the national stations and newspapers are owned by the government [10]?

As an extra jab, which I honestly feel is directed at America, the vaccine is called "Sputnik-V" in honour of the world's first satellite.

I know I'm speculating here; all I have done is collect data to make a hypothesis.

Here are the proven facts:

- Two hospitals in the Czech Republic attacked, data stolen/corrupted

- Czechian National Security Agency confesses a "serious advanced adversary" at play.

- Russia has a huge cyber-criminal underground [11] (An "advanced adversary")

- The United States knew about the attack on the hospitals almost immediately.  (They monitor everything, let's not kid ourselves)

- Russian hacker group(s) were proven by multiple agencies to be actively targeting Covid-19 research facilities.

So here is my hypothesis:

I will write it as a note to the people of the Czech Republic.

"Dear Citizens of the Czech Republic,

For what it's worth, I sympathize that your country was attacked. While people like Mike Pompeo can say there will be 'severe consequences,' please don't hold your breath. Yours [cyber attack] was but the first publicly disclosed incident in what I am very confident was a deluge of attacks against other research facilities that either never told anyone there was an incident or have no idea that data was stolen and still is being stolen.

The 'seriously advanced adversary' that attacked you was known by global powers. They knew that you were a target before the incident.

I don't know what to say but 'good luck' because you are quite literally in the middle of a cyber battleground being fought every day by global powers positioning themselves for strength.

My advice, and I urge you to take it: root out the nation-states resident in your critical infrastructure. They are there and they are listening to everything."



[1] https://hotforsecurity.bitdefender.com/blog/mysterious-cyberattack-cripples-czech-hospital-amid-covid-19-outbreak-22566.html

[2] https://www.google.com/amp/s/www.washingtonpost.com/politics/2019/06/25/prague-protesters-demand-resignation-prime-minister-andrej-babi/%3foutputType=amp

[3] https://www.zdnet.com/article/czech-hospital-hit-by-cyber-attack-while-in-the-midst-of-a-covid-19-outbreak/

[4] https://www.reuters.com/article/us-czech-cyber-ostrava/czech-hospitals-report-cyberattacks-day-after-national-watchdogs-warning-idUSKBN21Z1OH 

[5] https://www.cybersecurityintelligence.com/national-cyber-and-information-security-agency-nukib-4219.html 

[6] https://www.fnbrno.cz/

[7] https://www.thechronicleherald.ca/news/canada/russia-trying-to-steal-covid-19-vaccine-data-say-uk-us-and-canada-474082/ 

[8] https://www.euractiv.com/section/defence-and-security/news/us-says-concerned-by-threat-of-cyber-attack-against-czech-republic-healthcare/ 

[9] https://www.bbc.com/news/world-europe-53735718 

[10] https://en.wikipedia.org/wiki/Media_freedom_in_Russia 

[11] https://www.ecfr.eu/publications/summary/crimintern_how_the_kremlin_uses_russias_criminal_networks_in_europe
