Amnesty International Canada says it was hacked by Beijing

Ketty Nivyabandi, Secretary General of Amnesty International Canada, speaks during a news conference on Parliament Hill in Ottawa, Ontario, Wednesday, Sept. 28, 2022. On Monday, Dec. 5, 2022, the Canadian branch of Amnesty International said it was the target of a cyberattack sponsored by China. Nivyabandi said the searches in their systems were specifically and solely related to China and Hong Kong, as well as a few prominent Chinese activists. The hack left the organization offline for nearly three weeks. (Sean Kilpatrick/The Canadian Press via AP)

Ketty Nivyabandi, Secretary General of Amnesty International Canada, speaks during a news conference on Parliament Hill in Ottawa, Ontario, Wednesday, Sept. 28, 2022. On Monday, Dec. 5, 2022, the Canadian branch of Amnesty International said it was the target of a cyberattack sponsored by China. Nivyabandi said the searches in their systems were specifically and solely related to China and Hong Kong, as well as a few prominent Chinese activists. The hack left the organization offline for nearly three weeks. (Sean Kilpatrick/The Canadian Press via AP)

TORONTO (AP) — The Canadian branch of Amnesty International said Monday it was the target of a cyberattack sponsored by China.

The human rights organization said it first detected the breach Oct. 5 and hired forensic investigators and cybersecurity experts to investigate.

Ketty Nivyabandi, Secretary General of Amnesty International Canada, said the searches in their systems were specifically and solely related to China and Hong Kong, as well as a few prominent Chinese activists. The hack left the organization offline for nearly three weeks.

U.S. cybersecurity firm Secureworks said there was no attempt to monetize the access, and “a threat group sponsored or tasked by the Chinese state” was likely behind the attack because of the nature of the searches, the level of sophistication and the use of specific tools that are distinctive of China-sponsored actors.

Nivyabandi encouraged activists and journalists to update their cybersecurity protocols in light of it.

“As an organization advocating for human rights globally, we are very aware that we may be the target of state-sponsored attempts to disrupt or surveil our work. These will not intimidate us and the security and privacy of our activists, staff, donors, and stakeholders remain our utmost priority,” Nivyabandi said.

Amnesty is among organizations that support human rights activists and journalists targeted by state actors for surveillance. That includes confirming cases of activists’ and journalists’ cellphones being infected with Pegasus spyware, which turns the devices into real-time listening tools in addition to copying their contents.

In August, the cybersecurity firm Recorded Future listed Amnesty and the International Federation for Human Rights among organizations that Chinese hackers were targeting through password-stealing schemes designed to harvest credentials. It called that particularly concerning given the Chinese state’s “reported human rights abuses in relation to Uyghurs, Tibetans and other ethnic and religious minority groups.”

Amnesty has raised alarms about a system of internment camps in China that swept up a million or more Uyghurs and other ethnic minorities, according to estimates by experts. China, which describes the camps as vocational training and education centers to combat extremism, says they have been closed. The government has never publicly said how many people passed through them.

China’s embassy in Ottawa did not immediately respond to a message seeking comment.

____

AP writer Frank Bajak in Boston contributed to this report.