State-sponsored hackers target Amnesty International Hong Kong with sophisticated cyber-attack

Amnesty International Hong Kong can reveal it has been the target of a sophisticated state-sponsored cyber-attack, consistent with those carried out by hostile groups linked to the Chinese government.

This sophisticated cyber-attack underscores the dangers posed by state-sponsored hacking and the need to be ever vigilant to the risk of such attacks.
Man-kei Tam, Director of Amnesty International Hong Kong.

The cyber-attack was first detected on 15 March 2019, when state-of-the-art security monitoring tools detected suspicious activity on Amnesty International Hong Kong’s local IT systems. Cyber security experts took immediate action to protect the systems and to commence an investigation into the attack.

The initial findings reveal the attacks were perpetrated using tools and techniques associated with specific advanced persistent threat groups (APTs). Cyber forensic experts were able to establish links between the infrastructure used in this attack and previously reported APT campaigns associated with the Chinese government.

“This sophisticated cyber-attack underscores the dangers posed by state-sponsored hacking and the need to be ever vigilant to the risk of such attacks. We refuse to be intimidated by this outrageous attempt to harvest information and obstruct our human rights work,” said Man-kei Tam, Director of Amnesty International Hong Kong.

“The privacy and safety of all those we work with remains our priority. We took swift action to secure our systems and have provided guidance to help individuals ensure their personal data is protected.”

When the attack was detected, Amnesty International immediately set up a global taskforce to address the threat, which included mobilizing cyber forensic investigators and security experts.

The privacy and safety of all those we work with remains our priority.
Man-kei Tam, Director of Amnesty International Hong Kong

The first phase of the investigation found extensive evidence that the perpetrators belonged to a known APT group, utilizing tactics, techniques and procedures consistent with a well-developed adversary. Amnesty International is unable to give exact details of the areas targeted or the precise nature of the attack as the investigation is still ongoing. A technical report including indicators of compromise will be released when the investigation has concluded.

The organization has contacted all individuals whose details may have been put at risk and is providing additional guidance to further ensure their data is secure. Hong Kong’s Office of the Privacy Commissioner for Personal Data has also been notified of the cyber-attack.

“We take the privacy of our supporters’ information extremely seriously. We have contacted all individuals whose details may have been put at risk and urge anyone concerned to get in touch,” said Man-kei Tam.

The cyber-attack occurred at a time when Chinese authorities are hindering cooperation between international and domestic NGOs, and are continuing to target human rights activists, journalists, lawyers and academics both abroad and at home.

In 2017, a new foreign NGO management law came into effect which gives oversight to police to manage the activities of foreign NGOs working with Chinese civil society and allows authorities to restrict the work of, and even prosecute, human rights defenders. 

Governments across the world are increasingly using new forms of surveillance to target human rights activists and journalists. Amnesty International has exposed vast and well-orchestrated digital attacks against activists and journalists in countries such as Qatar, Azerbaijan and Pakistan. In August 2018, Amnesty revealed a targeted surveillance attempt on one of our staff members.