Amnesty International Canada has revealed it was the victim of a “sophisticated” cyberattack by Chinese government-sponsored hackers.
Amnesty International, a human rights group, claimed it first noticed the intrusion on October 5 when it found unusual activity on its IT infrastructure. An urgent inquiry was begun, and measures were made to secure the network and data. Ketty Nivyabandi, secretary general of Amnesty International Canada, told TechCrunch that this had a “major impact” on the organization’s operations, fundraising, and planned human rights activities because it required pulling all organisational and email systems offline for about three weeks.
Nivyabandi told TechCrunch that the threat actors had access to Amnesty’s working files, despite the fact that Amnesty claims there is no proof that donor or membership data was exfiltrated. While the vulnerability was discovered in October, Nivyabandi said the attacker had been trying to get in since July of 2021. He did not elaborate on the nature of the breach, however.
Amnesty International hired U.S. cybersecurity firm SecureWorks to look into the hack, and the firm has concluded that “a threat group sponsored or tasked by the Chinese state” was likely responsible for the attack. According to its findings, the hackers targeted material typical of Chinese cyberespionage threat organisations, employed tools and tactics associated with such groups, and made no attempt to profit from their intrusion.
When asked if SecureWorks had tied the assault to a specific APT organisation, SecureWorks’ chief threat intelligence officer Barry Hensley declined to comment. Amnesty International’s “openness and honesty about recent occurrences will surely benefit other organisations confronting persistent and sophisticated threat actors,” he said in a statement to TechCrunch.
Amnesty International has said that it will be publicly discussing the incident in an effort to alert other human rights groups. A collaborative investigation by Amnesty International’s Security Lab and Human Rights Watch discovered that threat actors sponsored by the Iranian government were targeting human rights activists, journalists, diplomats, and politicians operating in the Middle East.
“As an organization advocating for human rights globally, we are very aware that we may be the target of state-sponsored attempts to disrupt or surveil our work. These will not intimidate us and the security and privacy of our activists, staff, donors, and stakeholders remain our utmost priority,” said Nivyabandi.
“This case of cyber espionage speaks to the increasingly dangerous context which activists, journalists, and civil society alike must navigate today. Our work to investigate and denounce these acts has never been more critical and relevant. We will continue to shine a light on human rights violations wherever they occur and to denounce the use of digital surveillance by governments to stifle human rights,” Nivyabandi added.
Subtly charming pop culture geek. Amateur analyst. Freelance tv buff. Coffee lover