The human rights organization said it first detected the breach Oct. 5 and hired forensic investigators and cybersecurity experts to investigate.
Ketty Nivyabandi, Secretary General of Amnesty International Canada, said the searches in their systems were specifically and solely related to China and Hong Kong, as well as a few prominent Chinese activists. The hack left the organization offline for nearly three weeks.
U.S. cybersecurity firm Secureworks said there was no attempt to monetize the access, and “a threat group sponsored or tasked by the Chinese state” was likely behind the attack because of the nature of the searches, the level of sophistication and the use of specific tools that are distinctive of China-sponsored actors.
Nivyabandi encouraged activists and journalists to update their cybersecurity protocols in light of it.
In August, the cybersecurity firm Recorded Future listed Amnesty and the International Federation for Human Rights among organizations that Chinese hackers were targeting through password-stealing schemes designed to harvest credentials. It called that particularly concerning given the Chinese state’s “reported human rights abuses in relation to Uyghurs, Tibetans and other ethnic and religious minority groups.”