Rare Public Warning: Chinese Cyber Threat Surpasses Other Nations, Spy Agency Reports
In a rare public warning, a Canadian intelligence agency highlighted China’s escalating cyber threat against Canadian individuals and organizations, noting that the regime’s efforts surpass other nations’ in volume and intensity.
“PRC cyber threat activity outpaces other nation state cyber threats in volume, sophistication and the breadth of targeting,” stated the Canadian Centre for Cyber Security in a Cyber threat bulletin released on June 3. This is the second cyber threat bulletin released this year by the Cyber Centre, which is part of the Communications Security Establishment Canada.
On the same day, federal cabinet ministers released a joint statement on “malicious cyber activity.” The ministers called out China, alongside Russia, Iran, and North Korea, citing their extensive and prolonged campaigns aimed at compromising government and private sector computer systems to obtain information for interference with political systems, critical infrastructure, and potential threats or harm to individuals in Canada.
“The most extensive state-sponsored cyber threat activity against Canada stems from the PRC. The Government of Canada urges the Canadian cyber security community, particularly critical infrastructure network defenders, to bolster their awareness of, and protection against, the PRC’s sophisticated cyber threat activity,” stated Public Safety Minister Dominic LeBlanc, Foreign Affairs Minister Mélanie Joly, and Defence Minister Bill Blair, citing the Cyber Centre bulletin.
Tactics and Trends
PRC cyber espionage often involves actors serving direct or indirect requirements of the Chinese intelligence service and reflects the national policy objectives of the communist regime, the Cyber Centre stated.
Networks of federal agencies have been compromised multiple times, with cyber threat actors routinely seeking information that provides an economic and diplomatic advantage in the PRC-Canada bilateral relationship, according to the bulletin. Information related to technologies prioritized in the PRC’s central planning is a frequent target of these cyberattacks.
“The Centre Centre observes near constant reconnaissance activity by the PRC against Government of Canada systems,” the bulletin stated, adding that all levels of government in Canada should be aware of the espionage threat posed by PRC cyber threat actors.
Related Stories
Additionally, the Cyber Centre has observed several trends and techniques, including the co-opting of compromised small office and home office routers, targeting trusted service providers for access to client networks, and rapidly weaponizing and proliferating exploits for newly revealed vulnerabilities.
The bulletin also noted that PRC cyber threat actors often use the built-in network tools of a system instead of specialized malware to carry out malicious activities, a tactic known as “living off the land.” This approach allows them to blend in with normal system traffic, making it harder for network defenders to detect their activities. “This activity demonstrates a degree of sophistication and agility and shows that PRC cyber threat actors are not limited to a particular technique,” the Cyber Centre said.
PRC Cyber Threat Groups
The Cyber Centre echoed concerns by its U.S. partners about PRC cyber threat groups potentially preparing for computer network attacks on North American critical infrastructure during geopolitical conflicts, warning that such attacks could cause societal panic and delay U.S. military deployment. While Canada may be a lower priority for PRC state-sponsored actors, the bulletin noted that disruption to U.S. infrastructure could still impact Canada due to sector interdependence.
While the bulletin didn’t name specific threat groups, the activities of what is known as Advanced Persistent Threat 31 (APT31) have garnered significant attention from lawmakers on both sides of the border in recent months.
APT31, allegedly supported by a Chinese spy service, targets various political and business figures, as revealed in a U.S. indictment unsealed in March. The FBI has identified seven Chinese nationals allegedly linked to APT31.
Among the victims of the threat group were members of the Inter-Parliamentary Alliance on China (IPAC), a coalition of cross-party legislators seeking to reform how democratic countries engage with Beijing. In an April 29 statement, Canadian co-chairs of IPAC, Liberal MP John McKay and Tory MP Garnett Genuis, said that 18 Canadian MPs and senators were targeted by APT31 in 2021.
On the same day, Mr. Genuis raised a question of privilege, moving a motion for the investigation of the breach to be referred to a House committee for study. He noted that the matter is similar to that of his Conservative colleague Michael Chong. An intelligence leak revealed in May 2023 that Mr. Chong was a target of Chinese intelligence, and he also had not been warned by the government.
On May 8, House Speaker Greg Fergus ruled that Mr. Genuis’s concern constituted a question of privilege. MPs voted unanimously in support of the matter to be studied in committee the following day. The House of Commons Standing Committee on Procedure and House Affairs is scheduled to study the matter on June 4 and June 6.
Noé Chartier contributed to this report.
