The Canadian branch of Amnesty International revealed a security breach detected in early October and linked to a threat group probably sponsored by China.
The international human rights non-governmental organization (NGO) says it first detected the breach on October 5, when it spotted suspicious activity on its IT infrastructure.
After detecting the attack, the NGO called on the services of the cybersecurity company Secureworks to investigate the attack and secure its systems.
“Preliminary Investigation Results Indicate a Digital Security Breach Was Perpetrated Using Tools and Techniques Associated with Specific Advanced Persistent Threat (APT) Groups”, Amnesty International Canada said.
“Forensic experts from international cybersecurity firm Secureworks later determined that ‘a Chinese state-sponsored or state-mandated threat group’ was likely behind the attack.”
The attack was linked to a suspected Chinese threat group based on the attackers’ tactics, techniques, and procedures (TTPs) and the information they were targeting, all consistent with known behavior and tools of state hackers Chinese.
We speak publicly about the attack to warn other human rights defenders of the growing threat of digital security breaches. We strongly condemn state and non-state actors who attempt to interfere with the work of human rights organizations and other civil society organizations.
— Amnesty Canada (@AmnestyNow) December 5, 2022
No evidence of data exfiltration
The Secureworks investigation has not yet uncovered evidence showing whether the attackers exfiltrated donor or member data.
The NGO reported the security breach to law enforcement authorities and informed staff, donors and other stakeholders of the incident.
“This cyber espionage case speaks to the increasingly dangerous environment in which activists, journalists and civil society must navigate today,” said Amnesty International Canada Secretary General Ketty Nivyabandi.
“Our work to investigate and expose these acts has never been more critical and relevant. We will continue to shine a light on human rights abuses wherever they occur and to expose governments’ use of digital surveillance to stifle human rights.”