Amnesty International says ‘state sponsored’ hackers targeted Hong Kong base

Amnesty International’s Hong Kong office has been hit with a cyberattack that the group says is the work of a state-sponsored team whose tactics are consistent with those supported by the Chinese government.

The London-based group said on Thursday night that the cyberattack was first detected on 15 March 2019 on the Hong Kong arm’s local IT systems.

After detection, Amnesty said a “global taskforce” was set up to address the issue, which included pulling in cyberforensics and security professionals. 

Affected systems have been analyzed and protection is now in place in order to mitigate the risk of further compromise.

Until the investigation is complete, the human rights advocates will not reveal specific data relating to what areas were targeted, or why.

However, information may have been compromised in the attack as Amnesty said it has contacted all individuals whose information may have been exposed. Man-kei Tam, Director of Amnesty International Hong Kong also said that the cyberattack was an “outrageous attempt to harvest information and obstruct our human rights work.”

A spokesperson for Amnesty told the South China Morning Post that supporters’ names, Hong Kong identity card numbers and personal contact information were compromised, but financial data remains safe.

In an unusual move, Amnesty has also provided attribution. Companies and cybersecurity vendors alike often do not like to provide direct attribution — especially while an investigation is underway — but Amnesty says that the cyberattack is the work of specific advanced persistent threat groups (APTs) and past campaigns which have been linked to the Chinese government.

“The first phase of the investigation found extensive evidence that the perpetrators belonged to a known APT group, utilizing tactics, techniques and procedures consistent with a well-developed adversary,” Amnesty says.

This is not the first time that Amnesty has been targeted, given the group’s work with other NGOs, activists, journalists, and civil rights movements worldwide. 

Back in August, Amnesty said one of its staff members was the target of a malicious WhatsApp phishing campaign believed to be the work of Saudi officials. In March, Amnesty said that local human rights defenders, the media, and civil society organizations were being spear phished in a wave attributed to Egyptian authorities.

Hong Kong’s Office of the Privacy Commissioner for Personal Data has been notified of the cyberattack.

“The privacy and safety of all those we work with remains our priority,” said Tam. “We took swift action to secure our systems and have provided guidance to help individuals ensure their personal data is protected.”

A technical report on the attack will be released once the investigation has concluded.