The Canadian branch of Amnesty International, an international human rights non-governmental organization (NGO), said it was a target of a sophisticated security breach in early October, which it believes to have been sponsored by China’s government.
The breach was first spotted on October 5, when suspicious activity was detected on Amnesty’s IT infrastructure. The investigation into the incident showed that the attack was likely conducted by a China-linked threat actor based on tools and techniques used by attackers.
Amnesty said that the conclusion is based “on the nature of the targeted information as well as the observed tools and behaviors, which are consistent with those associated with Chinese cyberespionage threat groups.” At present, no evidence has been found that any donor or membership data was exfiltrated.
“Appropriate law enforcement authorities as well as staff, donors, and other stakeholders have been notified of the breach,” the organization added.
In other news, the international non-governmental organization Human Rights Watch (HRW) said it discovered a cyber-espionage campaign aimed at human rights activists, journalists, researchers, academics, diplomats, and politicians working in the Middle East. The organization said that at least 20 individuals are believed to have been targeted, including a reporter for a major US newspaper, a women's rights defender based in the Gulf region, and Nicholas Noe, a Lebanon-based advocacy consultant for Refugees International.
The organization believes that the campaign is the work of an Iran-linked state-sponsored threat actor APT42, which is known to share overlaps with other Iranian hacker group APT35 (aka Charming Kitten, TA453, or Phosphorus).