The Canadian branch of Amnesty International said it was the target of a cyber attack sponsored by China.
The human rights organisation said it first detected the breach on October 5 and hired forensic investigators and cyber security experts to investigate.
Ketty Nivyabandi, secretary general of Amnesty International Canada, said the searches in their systems were specifically and solely related to China and Hong Kong, as well as a few prominent Chinese activists.
The hack left the organisation offline for nearly three weeks.
US cybersecurity firm Secureworks said there was no attempt to monetise the access, and “a threat group sponsored or tasked by the Chinese state” was likely behind the attack because of the nature of the searches, the level of sophistication and the use of specific tools that are distinctive of China-sponsored actors.
Ms Nivyabandi encouraged activists and journalists to update their cyber security protocols in light of it.
.@AmnestyNow in Canada targeted in a cyber attack: @kettynivyabandi responds: "We will continue to shine a light on human rights violations wherever they occur and to denounce the use of digital surveillance by governments to stifle human rights,”https://t.co/AgmLU4Z4zE
— Paul O'Brien (@dpaulobrien) December 5, 2022
“As an organisation advocating for human rights globally, we are very aware that we may be the target of state-sponsored attempts to disrupt or surveil our work,” she said.
“These will not intimidate us and the security and privacy of our activists, staff, donors, and stakeholders remain our utmost priority.”
Amnesty is among several organisations that support human rights activists and journalists targeted by state actors for surveillance.
That includes confirming cases of activists’ and journalists’ mobile phones being infected with Pegasus spyware, which turns the devices into real-time listening tools in addition to copying their contents.
In August, the cyber security firm Recorded Future listed Amnesty and the International Federation for Human Rights among organisations that Chinese hackers were targeting through password-stealing schemes designed to harvest credentials.
It said this was particularly concerning given the Chinese state’s “reported human rights abuses in relation to Uighurs, Tibetans and other ethnic and religious minority groups”.
Amnesty has raised the alarm about a system of internment camps in China that swept up a million or more Uighurs and other ethnic minorities, according to estimates by experts.
China, which describes the camps as vocational training and education centres to combat extremism, says these have been closed.
The government has never publicly said how many people passed through them.
China’s embassy in Ottawa did not immediately respond to a message seeking comment.