[BreachExchange] Amnesty says Hong Kong office hit by China-linked cyber attack

[Destry Winant]

https://cio.economictimes.indiatimes.com/news/digital-security/amnesty-says-hong-kong-office-hit-by-china-linked-cyber-attack/69040512

HONG KONG: Amnesty International's Hong Kong office has been hit by a
years-long cyberattack from hackers with known links to the Chinese
government, the rights group said Thursday. The attack comes at a time
of growing concern in Hong Kong over shrinking freedoms as Beijing
flexes its muscles and western nations fret about the global dominance
of China in telecommunications networks.

Amnesty said it first detected its systems had been compromised on
March 15 when its Hong Kong office migrated its IT infrastructure to
the rights group's more secure international network as part of a
scheduled upgrade.

The group brought in a team of experts to investigate.

"Cyber forensic experts were able to establish links between the
infrastructure used in this attack and previously reported APT
campaigns associated with the Chinese government," the group said in a
statement.
Advanced persistent threats (APTs) are the most complex and effective
hacks that deploy significant know how and resources -- and they are
usually carried out by, or on behalf of, a state.

China has long been accused by western governments, businesses and
cyber analysts of using APT groups to carry out corporate and
political espionage as well as pursue critics and opponents overseas,
allegations it denies.

Amnesty said their investigations pointed to "a known APT group" which
used "tactics, techniques and procedures consistent with a well
developed adversary". It declined to name the group, saying
investigations were still ongoing, but added it would release a
technical report at a later date.

"This sophisticated cyberattack underscores the dangers posed by
state-sponsored hacking and the need to be ever vigilant to the risk
of such attacks," said Man-kei Tam, Director of Amnesty International
Hong Kong.

"We refuse to be intimidated by this outrageous attempt to harvest
information and obstruct our human rights work," he said.

Tam said experts were still trying to work out when the attack began,
but they believe their systems were compromised for some time.

"According to our cyber forensic experts the attack has been
persistent, so it has been happening already for a few years," he told
AFP, adding that it has since been contained.

The rights group has contacted individuals whose details may have been
put at risk. It declined to detail how many people could be affected
but said no financial information had been compromised.

Hong Kong's civil and rights groups are already on edge about what
they say are fading freedoms in the financial hub.

Joshua Rosenzweig, head of Amnesty's East Asia Regional Office, which
is also based in Hong Kong but separate to the local branch that was
targeted, said civil society was clearly a target to state-sponsored
cyberattacks.

"We see this as an attack on civil society and the NGO community as a
whole," he said. "We don't want to hide this. Exposing the fact that
this is happening is part of, I hope, how we protect ourselves."