Amnesty International’s Canadian branch has confirmed that it was the target of a “sophisticated” cyberattack carried out by Chinese state-sponsored hackers.
The human rights organization said it first discovered the breach on October 5 when suspicious activity was discovered in Amnesty’s IT infrastructure. An investigation was immediately launched by forensic investigators and cybersecurity experts, and steps were taken to protect the organization’s systems. Ketty Nivyabandi, secretary-general of Amnesty International Canada, told Eureka News Now that all organizational and email systems would have to be taken offline for nearly three weeks, with “a significant impact” on Amnesty Canada’s operations, fundraising and planned human rights work would have.
Amnesty said there is no evidence donor or member data was exfiltrated by the attackers, but Nivyabandi told Eureka News Now that the attackers had access to Amnesty’s work files. Nivyabandi added that while the attacker’s intrusion attempts were first discovered in October, the attacker’s intrusion efforts only began in July 2021, but declined to reveal any further information about the nature of the breach.
US cybersecurity firm SecureWorks, hired by Amnesty International to investigate the breach, has found that “a threat group sponsored or commissioned by the Chinese state” is likely behind the attack. The investigation revealed that the attackers used tools and techniques related to specific Advanced Persistent Threat Groups (APTs) and targeted intelligence consistent with Chinese cyberespionage threat groups and made no attempt to monetize access.
Barry Hensley, chief threat intelligence officer at SecureWorks, declined to say whether the company linked the attack to a specific APT group. However, in a statement to Eureka News Now, he commended Amnesty’s “openness and transparency regarding recent events will undoubtedly assist all organizations facing persistent and sophisticated threat actors.”
Amnesty said it was speaking out about the attack to warn other human rights organizations. News of the breach comes just a day after a joint investigation by Amnesty International’s Security Laboratory and Human Rights Watch found that Iranian government-backed threat actors targeted human rights defenders, journalists, diplomats and politicians in the Middle East.
“As an organization working for human rights around the world, we are acutely aware that we could be the target of government-sponsored attempts to disrupt or monitor our work. These will not intimidate us and the safety and privacy of our activists, staff, donors and stakeholders remain our top priority,” said Nivyabandi.
“This case of cyber espionage speaks to the increasingly dangerous context in which activists, journalists and civil society alike must navigate today. Our work investigating and denouncing these acts has never been more critical and relevant. We will continue to draw attention to human rights abuses wherever they occur and denounce governments’ use of digital surveillance to suppress human rights,” Nivyabandi added.