Amnesty International in Hong Kong ‘targeted by state-sponsored hackers’
- Cyberattack was consistent with those carried out by hostile groups linked to the Chinese government, London-based human rights organisation says
The Hong Kong branch of London-based human rights group Amnesty International has said it was targeted by state-sponsored hackers in a cyberattack “consistent with those carried out by hostile groups linked to the Chinese government”.
Security monitoring tools had found suspicious activity on the organisation’s local IT systems in March, Amnesty said in a statement on Thursday night.
Cybersecurity experts had been deployed to safeguard the systems and launch an investigation, the group said. The attacks were carried out using tools and techniques associated with several hacking groups specialising in advanced persistent threats (APT), according to Amnesty. An APT is an attack in which intruders establish an illicit, long-term presence on a network to mine sensitive data, usually on behalf of a state.
“Cyber forensic experts were able to establish links between the infrastructure used in this attack and previously reported APT campaigns associated with the Chinese government,” the non-governmental rights advocacy group said.
A spokeswoman said supporters’ names, Hong Kong identity card numbers and personal contacts were among the information compromised. But no financial information such as credit card numbers or bank account details were lost.
Threat of torture and intimidation are just two of the reasons to drop extradition proposals, Amnesty International says
The spokeswoman did not disclose the number of people affected, citing the “operational sensitivity” of the issue.
An investigation by a global task force formed by Amnesty had found extensive evidence that a known APT group used “tactics, techniques and procedures consistent with a well-developed adversary”.
The group did not give details of the data targeted, saying the investigation was ongoing, but said it would release a technical report when the probe had been concluded.
Those affected by the attack had been contacted, and Amnesty said it was providing support to ensure their data was secure.
Hong Kong’s Office of the Privacy Commissioner for Personal Data had been notified, Amnesty said, but police had not yet been contacted.
The privacy watchdog said it had received a data breach notification from Amnesty on Thursday and Privacy Commissioner Stephen Wong Kai-yi had begun gathering details to determine what action to take.
Tam Man-kei, director of Amnesty in Hong Kong, said the group took the privacy of its supporters seriously. He urged anyone who believed they might be affected to contact the organisation.
“This sophisticated cyberattack underscores the dangers posed by state-sponsored hacking and the need to be ever vigilant to the risk of such attacks. We refuse to be intimidated by this outrageous attempt to harvest information and obstruct our human rights work,” Tam said.
