Unpacking the Czech Security Landscape: Key Insights from the BIS 2024 Annual Report

Breached Company

Breached Company

5 min read
Unpacking the Czech Security Landscape: Key Insights from the BIS 2024 Annual Report
Photo by Ouael Ben Salah / Unsplash

We're excited to bring you a deep dive into the Security Information Service (BIS) Annual Report for 2024. This comprehensive report offers a crucial look at the challenges and threats the Czech Republic faced both domestically and internationally throughout the past year. Director General Michal Koudelka highlighted 2024 as one of the most demanding in the modern history of Czech security, yet affirmed the country's resilience and continued commitment to democratic values.

The report serves as a vital tool for understanding the multifaceted efforts of the Czech Republic's domestic intelligence service in safeguarding national security. Here are some of the key takeaways:

Czech Report info threats 🇨🇿
Czech Report info threats 🇨🇿 .pdf
4 MB
download-circle

Russia: The Persistent Threat

Russia continues to be identified as a persistent threat, actively working to undermine the stability and prosperity of European countries and erode trust in democratic institutions.

  • "Telegram Agents" and Sabotage: One of the most striking elements is Russia's increasing reliance on individuals without direct ties to the Russian state, known as "Telegram agents". These agents, often recruited online through advertisements promising easy money or from organized crime groups, are offered financial rewards to carry out subversive tasks. The BIS reports that these individuals are targeted due to their economic vulnerability, particularly migrants from non-EU countries or states influenced by Russia. Their tasks range from transporting goods or people, to photographing sensitive sites like military bases, and even conducting arson attacks. The report specifically cites the arson of a bus at the Klíčov depot in Prague by a Colombian national recruited online, and the mailing of self-igniting packages via air transport, as examples of operations traced back to individuals recruited by Russian intelligence services. While these activities have caused more media impact than actual damage in the Czech Republic, they aim to achieve a significant psychological effect, including weakening Western societal cohesion, instilling fear, and undermining public trust.
  • Cyberattacks: After a temporary dip, the activity of Russian state and state-supported cyber actors in the Czech Republic returned to pre-war levels in 2024. The BIS recorded activities of groups linked to GRU, SVR, and FSB, with APT28 (associated with the GRU) being particularly active in targeting military affairs, international relations, politics, and critical infrastructure across EU and NATO countries. A significant case involved APT28 exploiting vulnerabilities in MS Outlook to obtain login credentials, a campaign that targeted numerous Czech government institutions and utilized Czech internet infrastructure for attacks on other countries.
  • Disinformation and Influence Operations: The spread of disinformation remains a major concern, originating both directly from Russia and from domestic actors. The BIS highlighted the Voice of Europe operation, which aimed to influence candidates in the 2024 European Parliament elections and was effectively neutralized by national sanctions. Russian state-connected channels like 42tcen.com, neČT24, and the Telegram channel Selský rozum continued to spread propaganda. The BIS notes that the production of propaganda can also serve as a smokescreen for more serious intelligence operations, such as establishing contact with persons of interest under the guise of interviews or discussions, providing credible cover for financial rewards.
  • Sanctions Evasion: Despite sanctions, some Czech companies continued to seek ways to supply Russia with sanctioned goods, often via member states of the Eurasian Economic Union or China.

China: Rising Challenges

China (PRC) also continued its intelligence and influence activities on Czech territory.

  • Cyber Espionage: The BIS reports that cyber espionage is often a much more effective method of acquiring targeted information than traditional espionage. China's intelligence services, in cooperation with private IT companies, form a complex and systematically managed ecosystem to collect information in the interest of the Chinese government. This involves leveraging vulnerabilities (e.g., in MS Outlook) and even physical access to devices, particularly during business travel to high-risk non-democratic countries.
  • Strategic Investments: A significant security concern was the investment by the Chinese company Emposat in a ground satellite station on Czech territory, intended for communication and data collection from satellites. Identified security risks included potential use for military or intelligence purposes contrary to Czech interests, particularly given that the Jilin satellite system, with which Emposat planned to communicate, is managed by a sanctioned Chinese company. Following BIS findings, the Ministry of Industry and Trade initiated a review, leading to the station's removal in May 2025.
  • Influence Operations and Espionage: Chinese intelligence services continued to cultivate relationships with pro-China individuals in the Czech political scene, aiming to find sympathizers who would promote China’s interests, weaken Czech-Taiwanese cooperation, and avoid discussing human rights in China.

The BIS also focused on crucial internal security issues:

  • Disinformation and Online Radicalization: While the reach of disinformation actors in the Czech environment largely stagnated in 2024, a portion of society regularly consumes it. The report highlights that the spread of disinformation is predominantly driven by domestic actors with financial and ideological motivations. A concerning trend is the online radicalization of youth, particularly among boys. This is heavily influenced by social media algorithms that direct increasingly radical content to users, creating "rabbit holes" and influencing perceptions of reality. The BIS observed individuals fascinated by violence, seeking out extremist materials (Islamist or right-wing extremist), and forming online communities on platforms like Telegram and TikTok.
  • Economic Interests and Corruption: The BIS continued to document numerous cases of clientelism, inefficient use of public funds, and suspicions of corrupt conduct. This was pervasive across many sectors, with the energy sector being a primary target due to significant projects and financial flows. The healthcare sector also showed a pattern of non-transparent behavior and monocratic management, creating room for inefficient use of public funds or corruption. Challenges also persisted in ICT contracts within public organizations, often leading to delays and increased risks.
  • Terrorism: The threat level of Islamic terrorism in the Czech Republic remained low in 2024. While there were unsuccessful attempts by two Czech citizens to join foreign terrorist organizations abroad, no immediate threat to Czech territory was detected. The Palestinian-Israeli conflict drove some radicalization, but its impact was less pronounced than in countries with large Muslim communities.

The BIS's Role and Extensive Cooperation

The BIS plays a pivotal role in protecting the constitutional order, major economic interests, security, and defense of the Czech Republic.

  • National Cooperation: The BIS engages in extensive cooperation at the national level with various Czech intelligence services, the Czech Police (including vetting visa applicants – nearly 600,000 Russian nationals in 2024 – and individuals for airport security certificates), and other national authorities like the National Security Authority, Ministry of Interior, and Ministry of Foreign Affairs. This collaboration is crucial for identifying and mitigating security risks across a wide range of areas.
  • International Cooperation: With the consent of the Czech government, the BIS cooperates with over a hundred intelligence services from more than 80 countries worldwide, primarily focusing on services from EU and NATO countries. Key areas of cooperation include counterterrorism, counterintelligence, cybersecurity, and the protection of classified information. The BIS actively contributed to international efforts, including a Joint Cyber Security Advisory describing the techniques of Ember Bear (another GRU-linked actor).
  • Technological Advancement and Budget: The BIS is actively investing in the acquisition and modernization of its information and communication technologies and intelligence-gathering capabilities, including a new intelligence information system. In 2024, the BIS expenditures totaled over 2.2 billion CZK, with a significant portion allocated to personnel and special intelligence equipment.

In conclusion, the BIS 2024 Annual Report paints a picture of a dynamic and challenging security environment, yet one that the Czech Republic is actively addressing through robust intelligence operations and extensive national and international partnerships. The insights from this report are invaluable for understanding the evolving threats and the dedicated efforts to keep the Czech Republic one of the safest countries in the world.

We encourage you to explore the full Annual Report of the Security Information Service for 2024 for more detailed information.

Read more