7 December 2022

Suspected Chinese hackers hit Amnesty International Canada



The Canadian branch of Amnesty International, an international human rights non-governmental organization (NGO), said it was a target of a sophisticated security breach in early October, which it believes to have been sponsored by China’s government.

The breach was first spotted on October 5, when suspicious activity was detected on Amnesty’s IT infrastructure. The investigation into the incident showed that, based on the tools and techniques used by the attackers, the attack was likely conducted by a China-linked threat actor.

Amnesty said that the conclusion is based “on the nature of the targeted information as well as the observed tools and behaviors, which are consistent with those associated with Chinese cyberespionage threat groups.” At present, no evidence has been found that any donor or membership data was exfiltrated.

“Appropriate law enforcement authorities as well as staff, donors, and other stakeholders have been notified of the breach,” the organization added.

In other news, the international non-governmental organization Human Rights Watch (HRW) said it discovered a cyber-espionage campaign aimed at human rights activists, journalists, researchers, academics, diplomats, and politicians working in the Middle East. The organization said that at least 20 individuals are believed to have been targeted, including a reporter for a major US newspaper, a women's rights defender based in the Gulf region, and Nicholas Noe, a Lebanon-based advocacy consultant for Refugees International.

The organization believes that the campaign is the work of APT42, an Iran-linked state-sponsored threat actor that is known to overlap with another Iranian hacker group, APT35 (aka Charming Kitten, TA453, or Phosphorus).

