China Linked Hackers Hit Amnesty
International Hong Kong with APT
April 29, 2019
International Hong Kong can reveal it has been the target of a
sophisticated state-sponsored cyber-attack, consistent with those
carried out by hostile groups linked to the Chinese government.
The cyber-attack was first detected on 15 March 2019, when
state-of-the-art security monitoring tools detected suspicious activity
on Amnesty International Hong Kong’s local IT systems. Cyber security
experts took immediate action to protect the systems and to commence an
investigation into the attack.
The initial findings reveal the attacks were perpetrated using tools and
techniques associated with specific advanced persistent threat groups (APTs).
Cyber forensic experts were able to establish links between the
infrastructure used in this attack and previously reported APT campaigns
associated with the Chinese government.
“This sophisticated cyber-attack underscores the dangers posed by
state-sponsored hacking and the need to be ever vigilant to the risk of
such attacks. We refuse to be intimidated by this outrageous attempt to
harvest information and obstruct our human rights work,” said Man-kei
Tam, Director of Amnesty International Hong Kong.
“The privacy and safety of all those we work with remains our priority.
We took swift action to secure our systems and have provided guidance to
help individuals ensure their personal data is protected.”
When the attack was detected, Amnesty International immediately set up a
global taskforce to address the threat, which included mobilizing cyber
forensic investigators and security experts.
The first phase of the investigation found extensive evidence that the
perpetrators belonged to a known APT group, utilizing tactics,
techniques and procedures consistent with a well-developed adversary.
Amnesty International is unable to give exact details of the areas
targeted or the precise nature of the attack as the investigation is
still ongoing. A technical report including indicators of compromise
will be released when the investigation has concluded.
The organization has contacted all individuals whose details may have
been put at risk and is providing additional guidance to further ensure
their data is secure. Hong Kong’s Office of the Privacy Commissioner for
Personal Data has also been notified of the cyber-attack.
“We take the privacy of our supporters’ information extremely seriously.
We have contacted all individuals whose details may have been put at
risk and urge anyone concerned to get in touch,” said Man-kei Tam.
cyber-attack occurred at a time when Chinese authorities are hindering
cooperation between international and domestic NGOs, and are continuing
to target human rights activists, journalists, lawyers and academics
both abroad and at home.
In 2017, a new foreign NGO management law came into effect which gives
oversight to police to manage the activities of foreign NGOs working
with Chinese civil society and allows authorities to restrict the work
of, and even prosecute, human rights defenders.
Governments across the world are increasingly using new forms of
surveillance to target human rights activists and journalists. Amnesty
International has exposed vast and well-orchestrated digital attacks
against activists and journalists in countries such as Qatar, Azerbaijan
and Pakistan. In August 2018, Amnesty revealed a targeted surveillance
attempt on one of our staff members.