Amnesty International

Amnesty International's Canadian branch has disclosed a security breach detected in early October and linked to a threat group likely sponsored by China.

The international human rights non-governmental organization (NGO) says it first detected the breach on October 5, when it spotted suspicious activity on its IT infrastructure. 

After detecting the attack, the NGO hired cybersecurity firm Secureworks to investigate the incident and secure its systems.

"The investigation's preliminary results indicate that a digital security breach was perpetrated using tools and techniques associated with specific advanced persistent threat groups (APTs)," Amnesty International Canada said.

"Forensic experts with leading international cyber-security firm Secureworks later established that 'a threat group sponsored or tasked by the Chinese state' was likely behind the attack."

The attack was linked to a suspected Chinese threat group based on the attackers' tactics, techniques, and procedures (TTPs) and the information they targeted, all consistent with Chinese state hackers' known behavior and tools.

No evidence of data exfiltration

Secureworks' investigation has yet to unearth evidence showing that the attackers exfiltrated donor or membership data.

The NGO reported the security breach to relevant law enforcement authorities and notified staff, donors, and other stakeholders about the incident.

"This case of cyberespionage speaks to the increasingly dangerous context which activists, journalists, and civil society alike must navigate today," Secretary General of Amnesty International Canada Ketty Nivyabandi said.

"Our work to investigate and denounce these acts has never been more critical and relevant. We will continue to shine a light on human rights violations wherever they occur and to denounce the use of digital surveillance by governments to stifle human rights."

The attack comes as no surprise, given Amnesty International's reports and commentary on the Chinese government's ongoing abuse of human rights.
