Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cybercrime

Amnesty Says Hong Kong Office Hit by China-linked Cyber Attack

Amnesty International’s Hong Kong office has been hit by a years-long cyberattack from hackers with known links to the Chinese government, the rights group said Thursday.

Amnesty International’s Hong Kong office has been hit by a years-long cyberattack from hackers with known links to the Chinese government, the rights group said Thursday.

The attack comes at a time of growing concern in Hong Kong over shrinking freedoms as Beijing flexes its muscles and western nations fret about the global dominance of China in telecommunications networks.

Amnesty said it first detected its systems had been compromised on March 15 when its Hong Kong office migrated its IT infrastructure to the rights group’s more secure international network as part of a scheduled upgrade. The group brought in a team of experts to investigate.

“Cyber forensic experts were able to establish links between the infrastructure used in this attack and previously reported APT campaigns associated with the Chinese government,” the group said in a statement.

Advanced persistent threats (APTs) are the most complex and effective hacks that deploy significant know how and resources — and they are usually carried out by, or on behalf of, a state.

China has long been accused by western governments, businesses and cyber analysts of using APT groups to carry out corporate and political espionage as well as pursue critics and opponents overseas, allegations it denies.

Amnesty said their investigations pointed to “a known APT group” which used “tactics, techniques and procedures consistent with a well developed adversary”.

It declined to name the group, saying investigations were still ongoing, but added it would release a technical report at a later date.

Advertisement. Scroll to continue reading.

“This sophisticated cyberattack underscores the dangers posed by state-sponsored hacking and the need to be ever vigilant to the risk of such attacks,” said Man-kei Tam, Director of Amnesty International Hong Kong.

“We refuse to be intimidated by this outrageous attempt to harvest information and obstruct our human rights work,” he said. Tam said experts were still trying to work out when the attack began, but they believe their systems were compromised for some time.

“According to our cyber forensic experts the attack has been persistent, so it has been happening already for a few years,” he told AFP, adding that it has since been contained.

The rights group has contacted individuals whose details may have been put at risk. It declined to detail how many people could be affected but said no financial information had been compromised.

Hong Kong’s civil and rights groups are already on edge about what they say are fading freedoms in the financial hub.

Joshua Rosenzweig, head of Amnesty’s East Asia Regional Office, which is also based in Hong Kong but separate to the local branch that was targeted, said civil society was clearly a target to state-sponsored cyberattacks.

“We see this as an attack on civil society and the NGO community as a whole,” he said. “We don’t want to hide this. Exposing the fact that this is happening is part of, I hope, how we protect ourselves.”

Written By

AFP 2023

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Understand how to go beyond effectively communicating new security strategies and recommendations.

Register

Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.

Register

Expert Insights

Related Content

Cybercrime

The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Cybercrime

As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Cybercrime

Luxury retailer Neiman Marcus Group informed some customers last week that their online accounts had been breached by hackers.

Cybercrime

Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.

Artificial Intelligence

The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.

Cybercrime

Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.

Cybercrime

Patch Tuesday: Microsoft calls attention to a series of zero-day remote code execution attacks hitting its Office productivity suite.