Amnesty International Canada target of sophisticated cyber-attack linked to China

Amnesty International Canada (English-speaking Section) revealed today it was the target of a sophisticated digital security breach, believed to be sponsored by the Chinese state.

The human rights organization first detected the breach on October 5, 2022, when suspicious activity was spotted on Amnesty’s IT infrastructure. Amnesty International Canada engaged a highly skilled team of forensic investigators and cyber security experts who took immediate action to protect the organization’s systems and investigate the source of the attack. 

The investigation’s preliminary results indicate that a digital security breach was perpetrated using tools and techniques associated with specific advanced persistent threat groups (APTs). Forensic experts with leading international cyber-security firm Secureworks later established that “a threat group sponsored or tasked by the Chinese state” was likely behind the attack. The forensic audit’s conclusion is based “on the nature of the targeted information as well as the observed tools and behaviors, which are consistent with those associated with Chinese cyberespionage threat groups.”

‘As an organization advocating for human rights globally, we are very aware that we may be the target of state-sponsored attempts to disrupt or surveil our work. These will not intimidate us and the security and privacy of our activists, staff, donors, and stakeholders remain our utmost priority.’

Ketty Nivyabandi, Secretary General, Amnesty International Canada

Amnesty International Canada is speaking publicly about the attack to caution other human rights defenders on the rising threat of digital security breaches and strongly condemns state and non-state actors intent on interfering with the work of human rights and other civil society organizations.

“As an organization advocating for human rights globally, we are very aware that we may be the target of state-sponsored attempts to disrupt or surveil our work. These will not intimidate us and the security and privacy of our activists, staff, donors, and stakeholders remain our utmost priority,” said Ketty Nivyabandi, Secretary General of Amnesty International Canada.

“This case of cyberespionage speaks to the increasingly dangerous context which activists, journalists, and civil society alike must navigate today. Our work to investigate and denounce these acts has never been more critical and relevant. We will continue to shine a light on human rights violations wherever they occur and to denounce the use of digital surveillance by governments to stifle human rights,” she added.

Amnesty International Canada has taken swift and robust action to strengthen its digital security and restore systems back online securely.

To date, the investigation has uncovered no evidence that any donor or membership data was exfiltrated. Appropriate law enforcement authorities as well as staff, donors, and other stakeholders have been notified of the breach. Amnesty International Canada will continue to work with security experts to mitigate against potential future risks.

Media contact: Cory Ruf, Media Officer, Amnesty International Canada (English-speaking Section), media@amnesty.ca, 647-269-179