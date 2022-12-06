The English-language division of Amnesty International’s Canadian office claims it was the subject of a “sophisticated” hacking attempt that it suspects is connected to China. Amnesty International Canada said in a statement on Monday that the cyber security breach was discovered for the first time on October 5 when suspicious activity was noticed on Amnesty’s IT infrastructure. It continued by saying that quick action was taken to safeguard the systems and look into the attack’s origin. “As a group that promotes human rights around the world, we are well aware that we could be the target of state-sponsored efforts to obstruct or monitor our activities. The security and privacy of our activists, staff, funders, and stakeholders remain our top priority, and we will not be intimidated by this, said Ketty Nivyabandi, secretary general of Amnesty International Canada.
This incident, once again, demonstrates the danger state actors pose to anyone who would criticise the policies of certain regimes. Unfortunately, an attack on Amnesty International, following the Vatican last week, tells us that no organisation is beyond the pale when it comes to targets for state-sponsored cyber threats.
While details are scarce at the moment, it’s important to remember that most criminals and state-sponsored APT groups will typically infiltrate organisations via spear phishing, exploiting unpatched vulnerabilities, or through weak credentials.
Therefore, as a first line of defence, if organisations address these main areas by having a patch management plan in place, by deploying MFA, and providing user awareness and training to spot phishing emails which make it into their inbox and provide ways to report, then it can greatly reduce the likelihood of being successfully attacked.