'Amnesty's HK Base Hacked By China-linked Groups'

Amnesty International's Hong Kong office has been hit by a years-long cyberattack from hackers with known links to the mainland government, the rights group said on Thursday.

Amnesty said it first detected its systems had been compromised on March 15 when its Hong Kong office migrated its IT infrastructure to the rights group's more secure international network as part of a scheduled upgrade.

The group brought in a team of experts to investigate.

"Cyber forensic experts were able to establish links between the infrastructure used in this attack and previously reported APT campaigns associated with the Chinese government," the group said in a statement.

Advanced persistent threats (APTs) are the most complex and effective hacks that deploy significant know how and resources – and they are usually carried out by, or on behalf of, a state.

Amnesty said their investigations pointed to "a known APT group" which used "tactics, techniques and procedures consistent with a well developed adversary".

It declined to name the group, saying investigations were still ongoing, but added it would release a technical report at a later date.

"This sophisticated cyberattack underscores the dangers posed by state-sponsored hacking and the need to be ever vigilant to the risk of such attacks," said Man-kei Tam, director of Amnesty International Hong Kong.

"We refuse to be intimidated by this outrageous attempt to harvest information and obstruct our human rights work," he said.

Tam said experts were still trying to work out when the attack began, but they believe their systems were compromised for some time.

"According to our cyber forensic experts the attack has been persistent, so it has been happening already for a few years," he said, adding that it has since been contained.

The rights group has contacted individuals whose details may have been put at risk. It declined to detail how many people could be affected but said no financial information had been compromised.

Joshua Rosenzweig, head of Amnesty's East Asia Regional Office, which is also based in Hong Kong but separate to the local branch that was targeted, said civil society was clearly a target to state-sponsored cyberattacks. (AFP)