The Canadian office of human rights group Amnesty International says its English-language unit was the target of a “sophisticated” hacking attempt that it believes is linked to China.
The digital security breach was first detected on October 5 when suspicious activity was spotted on Amnesty’s IT infrastructure, Amnesty International Canada said in a statement on Monday.
It took immediate action to protect the systems and investigate the source of the attack, it added.
“As an organization advocating for human rights globally, we are very aware that we may be the target of state-sponsored attempts to disrupt or surveil our work. These will not intimidate us and the security and privacy of our activists, staff, donors, and stakeholders remain our utmost priority,” Ketty Nivyabandi, secretary general of Amnesty International Canada, said in a statement.
The preliminary results of the investigation indicated the breach was perpetrated using tools and techniques associated with specific advanced persistent threat groups (APTs), Amnesty said.
Forensic experts with international cybersecurity firm Secureworks later established that “a threat group sponsored or tasked by the Chinese state” was probably behind the attack.
The forensic audit’s conclusion is based “on the nature of the targeted information as well as the observed tools and behaviors, which are consistent with those associated with Chinese cyberespionage threat groups,” it added.
A report released in August by cybersecurity firm Recorded Future said a hacking group known as RedAlpha, suspected of acting on behalf of the Chinese government, had conducted a years-long espionage campaign against numerous governments, think tanks, news agencies and nongovernmental organisations (NGOs), including Amnesty.
Last year, the United States, United Kingdom and their allies accused actors affiliated with the Chinese government of a cyberattack on Microsoft Exchange, and blamed the Chinese government for a broad array of “malicious cyber activities”.
Amnesty said it had decided to speak publicly about the attack as a warning to other human rights defenders on the rising threat of digital security breaches to their work.
“This case of cyberespionage speaks to the increasingly dangerous context which activists, journalists, and civil society alike must navigate today,” Nivyabandi said. “Our work to investigate and denounce these acts has never been more critical and relevant. We will continue to shine a light on human rights violations wherever they occur and to denounce the use of digital surveillance by governments to stifle human rights.”
Amnesty said no evidence had been found that any donor or membership data had been taken.