The human rights group learned about the breach in October of this year, and a subsequent investigation by the UK-based cybersecurity firm Secureworks found that the threat actor engaged in monitoring Amnesty’s Canadian network. In a statement to the press, Amnesty International said it decided to speak out about the incident to highlight the growing cybersecurity incidents against human rights defenders. It also condemned all the actors working to disrupt the work done by human rights and other civil society organizations. “As an organization advocating for human rights globally, we are very aware that we may be the target of state-sponsored attempts to disrupt or surveil our work,” said Ketty Nivyabandi, secretary general of Amnesty International Canada. “These will not intimidate us and the security and privacy of our activists, staff, donors, and stakeholders remain our utmost priority.” The organization added it had taken measures to strengthen its digital security and to restore affected systems in a secure manner.
What We Know About the Incident
According to its press release, Amnesty first detected suspicious activity in its network on Oct. 5. Shortly after, forensic and cybersecurity experts looked into the incident, revealing that the responsible actor carried out cyber espionage and left the organization offline for almost three weeks. Experts at Secureworks said the threat actors attempted to obtain a list of Amnesty’s contacts and track its activities. Furthermore, the attackers’ searches in systems were limited to China and Hong Kong. They also looked into a few prominent Chinese activists. Secureworks concluded that the responsible actors were tied to the Chinese government, basing its assessment on the nature of the targeted information and the observed tools and behaviors. “China uses its cyber capabilities to gather political and military intelligence and spy, and organizations like Amnesty are interesting to China because of the people they work with, the work that they do,” said Mike McLellan, Secureworks’ director of intelligence. “We see organizations like this targeted because China is interested in surveillance.”
No Evidence of Membership or Donor Data Exfiltration
Amnesty stated that there is no evidence of any donor or membership data exfiltration due to the incident. Furthermore, the organization has notified the appropriate law enforcement agencies and relevant stakeholders. It also committed to working towards mitigating future cybersecurity risks. “This case of cyberespionage speaks to the increasingly dangerous context which activists, journalists, and civil society alike must navigate today,” Nivyabandi said. “Our work to investigate and denounce these acts has never been more critical and relevant. We will continue to shine a light on human rights violations wherever they occur and to denounce the use of digital surveillance by governments to stifle human rights,” she added. Due to the nature of their work, journalists and activists are often the targets of increased online scrutiny and online censorship. Therefore, it is crucial to take adequate precautions to stay protected online. Using a VPN and other tools to hide your IP address is an effective way to keep your online activities anonymous and secure.