Amnesty International branch hit by suspected Chinese hackers


The Canadian branch of global non-governmental human rights organization Amnesty International recently suffered a cyberattack that was apparently orchestrated by a Chinese state-sponsored attacker.

In a press release, Amnesty International Canada said it spotted “suspicious activity” on its IT infrastructure on October 5, 2022. As soon as the activity was observed, the organization brought in “a highly skilled team of forensic investigators and cyber security experts” to investigate and secure the systems.

The team was led by Secureworks, which established that an unnamed threat actor gained access to the organization’s IT systems in a “sophisticated digital security breach”.

Human rights in the crosshairs

“A digital security breach was perpetrated using tools and techniques associated with specific advanced persistent threat groups (APTs),” the announcement reads. 

Secureworks later pointed the finger at Chinese threat actors, saying the nature of the targeted information, the tools used in the attack, as well as the behaviors of the attackers, all line up with entities “associated with Chinese cyberespionage threat groups.”

The organization’s Secretary General, Ketty Nivyabandi, did not sound too upset about the incursion: “As an organization advocating for human rights globally, we are very aware that we may be the target of state-sponsored attempts to disrupt or surveil our work. These will not intimidate us and the security and privacy of our activists, staff, donors, and stakeholders remain our utmost priority,” she stated.

The researchers also determined that this was most likely an espionage campaign, as there is no evidence of any donor or membership data having been exfiltrated. The organization said it notified law enforcement organizations, staff, donors, as well as other stakeholders, of the event. 

The organization decided not to share details of the attack, including the name of the threat actor, or the potential malware or fraud used to gain access to the target endpoints.

Via: BleepingComputer

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.