Human rights groups are under fire from the same advanced persistent threats (APTs) hitting government and public sector bodies, according to the University of Toronto in Canada.
Researchers from the school’s research group, Citizen Lab, warned that civil rights groups were worse equipped than corporations and governments to deal with cybersecurity, adding that such attack could be a threat to rights and democracy.
Ron Deibert, director of the Citizen Lab, said: "It is well known that computer espionage is a problem facing Fortune 500 companies and government agencies.
"Less well known and researched, however, are the ways in which these same type of attacks affect smaller organisations promoting human rights, freedom of speech, and access to information. We set out to fill this gap in knowledge."
Most of the attacks recorded by the researchers were technically simple, with hackers found to be spending their time creating plausible emails to trick victims into downloading malicious attachments or clicking links to bad sites, a process known as social engineering.
Attackers used information stolen from previous breaches to make messages more believable, which the researchers believed was eroding trust in the human rights groups and undermining the usage of computer technology in communication.
"States that support the right to privacy and freedom of expression online should take steps to raise the profile of targeted digital threats against civil society in their domestic policy and diplomacy, treating the matter as of equal priority to their defence of the private sector," the researchers said.
The study followed ten different civil society groups over the past four years, with more than 2,800 malicious payloads identified and 44 malware families.
