Cyber Incident Victim: Amnesty International Hong Kong
Date:
Mar 2019
Location:
Hong Kong
Summary
The Hong Kong branch of Amnesty International was targeted in a sophisticated cyberattack attributed to state-sponsored hackers linked to the Chinese government, involving tools and techniques consistent with advanced persistent threat groups. Security monitoring detected suspicious activity on local IT systems, prompting an investigation that revealed compromised supporter data including names, identity card numbers, and personal contacts, though no financial information was accessed. The organization notified Hong Kong's privacy watchdog, engaged cybersecurity experts to secure systems, and contacted affected individuals while emphasizing its refusal to be intimidated by the intrusion aimed at obstructing human rights work. A technical report on the incident was pending completion of the ongoing probe.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 3 motives | 3 techniques |
| Threat Actors | Type | Location |
|---|---|---|
| 2 actors | Available to members | Available to members |
Description
In March 2019, security monitoring tools detected suspicious activity on the Hong Kong branch of Amnesty International's IT systems, prompting an immediate cybersecurity investigation. The London-based human rights organization publicly disclosed the incident on April 25, 2019, characterizing the attack as consistent with state-sponsored hacking operations linked to hostile groups associated with the Chinese government. Forensic analysis revealed the attackers employed tools and techniques matching those of advanced persistent threat (APT) groups known for conducting long-term network intrusions to extract sensitive data, typically on behalf of nation-states. Cybersecurity experts deployed by Amnesty identified infrastructure connections between this attack and previously documented APT campaigns attributed to Chinese government-affiliated actors. The intrusion methodology indicated a sophisticated operation aimed at establishing persistent unauthorized access to the organization's systems. While the investigation remained ongoing at the time of disclosure, preliminary findings confirmed the attackers' tactics aligned with well-developed adversarial procedures characteristic of state-backed operations. Amnesty emphasized the attackers sought to harvest information through techniques specifically associated with multiple specialized APT groups, though the organization did not publicly name specific threat actors. Security personnel worked to contain the breach and safeguard systems during the forensic examination process.
The cyberattack compromised personal data including supporters' names, Hong Kong identity card numbers, and contact information, though financial details such as credit card numbers or bank account information remained unaffected. Amnesty contacted affected individuals directly while withholding the exact number of compromised accounts due to operational sensitivity concerns. The organization notified Hong Kong's Privacy Commissioner for Personal Data on April 25, 2019, triggering an immediate review by Commissioner Stephen Wong Kai-yi to determine regulatory response measures. Amnesty did not initially involve local police in the investigation. Director Tam Man-kei condemned the intrusion as an intimidation tactic targeting human rights work, affirming the organization's refusal to be deterred from its advocacy mission. Technical teams continued investigating the full scope of targeted data with plans to release a comprehensive report upon concluding the probe. Amnesty provided security support to affected supporters while maintaining operations through enhanced vigilance against persistent cyber threats. The incident highlighted operational risks faced by human rights groups from state-sponsored cyber operations seeking to obstruct activities through information harvesting.