Chinese Hackers Compromised Multiple Canadian Government Networks for Years, Stole Info: Security Agency
Cyber threat actors from the People’s Republic of China (PRC) have been implicated in multiple breaches of networks associated with federal government agencies and departments, according to a report from the national cybersecurity agency.
The Centre for Cyber Security identifies China as the top threat actor targeting Canada, noting that its cyber operations are “second to none” in scale, technique, and ambition. Beijing’s objectives include espionage, intellectual property theft, malign influence, and transnational repression, the centre says.
While the report highlights China’s hacking of 20 federal government networks in the past four years, information elsewhere in the report shows that Chinese hackers have had access to multiple government networks longer than that. The report says that Chinese agents have compromised Canadian government networks over the past five years, collecting communications and other valuable information.
“While all known federal government compromises have been resolved, it is very likely that the actors responsible for these intrusions dedicated significant time and resources to learn about the target networks,” the report reads.
At a press conference on Oct. 30, Caroline Xavier, chief of the Canadian Communications Security Establishment (CSE), would not comment on the details of the breaches, but said mitigation measures had been “effective.”
“The key message for us—when there are incidents that occur—is really being focused on ensuring [we] minimize the impact to the government department that may have been compromised. And that is exactly where our focus has been,” she told reporters. “We do feel that the measures were taken to be able to mitigate any of the risks, and to address the incidents in an effective manner.”
The cyber centre is hosted within CSE, Canada’s electronic spy agency, which is responsible for collecting signals intelligence and defending against cyberattacks.
China Targets
In addition to federal agencies, provincial and territorial governments are also seen as valuable targets for Beijing, the report said, noting that these governments hold decision-making power over regional trade and commerce, including the extraction of critical minerals and other natural resources.
Xavier said this targeting indicates Beijing is a “sophisticated, consistent, and persistent actor,” and that Canada needs to address the threat with a more comprehensive approach.
“We have work to do as a nation, to continue to work, in particular with the provinces, territories, indigenous communities, because we recognize that we’re all vulnerable, or we all could be vulnerable, and we really want to continue to raise Canada’s cyber resilience,” she said.
The cyber centre also echoed previous reports from various human rights groups, warning that Beijing’s transnational repression has primarily targeted five specific communities, referred to by the regime as the “five poisons.” These include Falun Gong practitioners, Uyghurs, Tibetans, supporters of Taiwanese independence, and pro-democracy activists.
“PRC actors very likely facilitate transnational repression by monitoring and harassing these groups online and tracking them using cyber surveillance,” the report said. “For example, the PRC has been publicly linked to cyber espionage operations against the Uyghur minority group, including members living in Canada, using spear phishing emails and spyware.”
Other Countries Named
Other state-backed threat actors highlighted in the cyber centre report include Russia, Iran, and India.
Russia’s cyber operations are characterized as “a multi-layered strategy” that combines conventional cyber espionage and computer network attacks with disinformation. Its primary goal is to enhance Russia’s global status while undermining democratic institutions in Canada and among its allies.
A specific case cited in the report involves a breach detected by Microsoft in January, where a Russian state-sponsored cyber threat actor known as Midnight Blizzard accessed the company’s cloud-based enterprise email service.
The group infiltrated correspondence between Microsoft and government officials in Canada, the United States, and the United Kingdom. Initially, the actors sought information about Russia itself, but later used personal data and credentials from the emails to gain access to Microsoft customer systems.
Meanwhile, the report said Iran has been expanding its cyberattacks to Western countries amid its ongoing military conflict with Israel.
“Iran has taken advantage of its back-and-forth cyber confrontation with Israel to improve its cyber espionage and offensive cyber capabilities and hone its information campaigns, which it is now almost certainly deploying against targets in the West,” the report said.
During the press conference, Xavier also identified India as an “emerging threat” to Canada.
“India very likely uses its cyber program to advance its national security imperatives, including espionage, counterterrorism, and the country’s efforts to promote its global status and counter narratives against India and the Indian government,” the report said.
Citing her recent testimony before the foreign interference inquiry, Xavier noted India could potentially “flex those cyber threat actions against Canadians” amid ongoing diplomatic tensions.
‘Ever-Present’ Threat
The Centre for Cyber Security says Canada has entered a new era in which cyber threats are “ever present.”
“Canadians will increasingly feel the impact of cyber incidents that have cascading and disruptive effects on their daily lives,” the report said.
The centre says the threat has expanded as Canadians increasingly rely on online platforms and digital technologies to go about their lives.
“These systems record and process vast amounts of data about us, often over poorly secured or untrustworthy digital networks,” it said.
Aside from the threats from hostile state actors, the centre notes that the cybercrime business model is “underpinned by flourishing online marketplaces” where leaked data is sold along with cyber tools for criminals.