cyber daily logo

Breaking news and updates daily. Subscribe to our Newsletter

Breaking news and updates daily. Subscribe to our Newsletter X facebook linkedin Instagram Instagram

Chinese hackers continue to target NGOs and governments, cyber security firm says

Cyber security firm Recorded Future has found that Amnesty International and Taiwan’s ruling party have been targeted by Chinese hackers, among other organisations, during a multi-year campaign.

user iconReporter
Mon, 22 Aug 2022
Chinese hackers continue to target NGOs and governments, cyber security firm says
expand image

According to the report released by cyber security firm Recorded Future titled, RedAlpha Conducts Multi-Year Credential Theft Campaign Targeting Global Humanitarian, Think Tank, and Government Organisations, hacking group RedAlpha, suspected of acting on behalf of the Chinese government, has carried out a multi-year espionage campaign against numerous governments, NGOs, think-tanks and news agencies. The group has specialised in stealing login details from individuals in organisations considered to be of strategic interest to Beijing.

Those targeted for “credential phishing” since 2019 include the International Federation for Human Rights, Amnesty International, the Mercator Institute for China Studies, Radio Free Asia, the American Institute in Taiwan, Taiwan’s ruling Democratic Progressive Party, and India’s National Informatics Centre, according to Recorded Future.

RedAlpha targeted the organisations with emails containing PDFs that, once clicked, would lead to a fake portal page used to collect their login credentials, the Massachusetts-based cyber security firm said.


Recorded Future said RedAlpha likely targeted Taiwan-based organisations and human rights groups to gather intelligence on the self-governing democracy and ethnic and religious minority groups, respectively.

Speaking with Al Jazeera, Hanna Linderstal, a cyber security researcher and founder of Earhart Business Protection Agency, explained "the group’s modus operandi is common among hackers", which leverages on "human weakness".

"In 1998, I talked about the importance of strong passwords and security routines and in 2022, I still say the same thing.

"IT departments are usually well prepared for cyber attacks and the targeting actor knows this, so the weak link is the user and the organisation’s routines.

"These actors use several angles of attack, but the easiest way to get information is often via the employee at the keyboard," Linderstal told Al Jazeera.

Spokesperson for Amnesty International, Nabila Khan, explained the organisation was familiar with being the target of cyber attacks.

RedAlpha was first identified by Canada’s CitizenLab in 2018 and is believed to have started operating around 2015. Last year, The group allegedly weaponised about 350 domains, according to Recorded Future data, which disclosed its latest activity "bore the hallmarks of previous campaigns".

"Amnesty often attracts attention from those with malicious intent seeking to disrupt our activity.

"“We have security systems in place to mitigate and manage these threats the best we can," Khan said.

Recorded Future researchers added that many organisations, particularly government institutions, have been slow to adopt multi-factor authentication, which requires more than just a stolen password to access a site. The cyber security firm also has a "high degree" of confidence RedAlpha is operating as a proxy for the Chinese state due to links with state-owned enterprises and military tech research institutions, and its choice of targets that are of clear strategic interest to Beijing.

Intelligence experts say outsourcing espionage work to private contractors is a common tactic of Chinese intelligence agencies.

"Actors gather information for espionage and attacks, but they are hard to identify.

"The usage of non-state actors for cyber espionage is a common strategy for several states in the world today," Linderstal said.

"Even if there is a state connection, it’s hard to prove. Nobody will take responsibility for the proxy … the state can always say they have no knowledge about the organisation or its actions."

Al Jazeera reports the China’s Ministry of Foreign Affairs did not respond to a request for comment, but a government spokesman has asserted that the country opposes all cyber attacks and would "never encourage, support, or connive" to carry out such activity.

[Related: Labor to overhaul national cyber security strategy]

cyber daily subscribe
Be the first to hear the latest developments in the cyber industry.