China wants to export its great firewall to other countries

The Canadian branch of the global human rights non-governmental organization Amnesty International recently suffered a cyberattack apparently orchestrated by a Chinese state-sponsored attacker.

In a press release, Amnesty International Canada said it detected "suspicious activity" on its IT infrastructure on October 5, 2022. As soon as the activity was observed, the organization called "a highly trained team of forensic investigators and cybersecurity experts" to investigate and protect systems.

The team was led by Secureworks, which determined that an anonymous threat actor gained access to the organization's computer systems as part of a "sophisticated digital security breach."

Human rights in sight

"A digital security breach was perpetrated using tools and techniques associated with specific advanced persistent threat (APT) groups," the announcement read.

Secureworks then pointed a finger at Chinese threat actors, saying that the nature of the targeted information, the tools used in the attack, and the behavior of the attackers all align with entities "associated with Chinese cyber espionage threat groups."

The organization's secretary general, Ketty Nivyabandi, did not seem overly upset by the intrusion: "As a global human rights organization, we are acutely aware that we may be the target of state-sponsored attempts to disrupt or monitor our work. We will not be intimidated by this and the safety and privacy of our activists, staff, donors and stakeholders remains our top priority," she said.

Investigators also determined that this was most likely an espionage campaign, as there is no evidence that donor or member data was exfiltrated. The organization said it informed law enforcement organizations, staff, donors and other stakeholders about the event.

The organization has chosen not to share details of the attack, including the name of the threat actor or the potential malware or fraud used to gain access to the target endpoints.

Via: BleepingComputer