Chinese attackers accessed Canadian government networks – for five years

A report by Canada's Communications Security Establishment (CSE) revealed that state-backed actors have collected valuable information from government networks for five years.

The biennial National Cyber Threat Assessment described the People's Republic of China's (PRC) cyber operations against Canada as "second to none." Their purpose is to "serve high-level political and commercial objectives, including espionage, intellectual property (IP) theft, malign influence, and transnational repression."

Over the past four years, at least 20 networks within Canadian government agencies and departments were compromised by PRC cyber threat actors.

The CSE assured citizens that all known federal government compromises have been resolved, but warned that "the actors responsible for these intrusions dedicated significant time and resources to learn about the target networks."

The report also alleges that government officials – particularly those perceived as being critical of the Chinese Communist Party (CCP) – were attacked. One of those attacks includes an email operation against members of Interparliamentary Alliance on China.

The purpose of the cyber attacks is mainly to gain information that would lead to strategic, economic, and diplomatic advantages. The activity appears to have intensified following incidents of bilateral tension between Canada and the PRC, after which Beijing apparently wanted to gather timely intelligence on official reactions and unfolding developments, according to the report.

Canada's private sector is also in the firing line, with the CSE suggesting "PRC cyber threat actors have very likely stolen commercially sensitive data from Canadian firms and institutions."

Operations that collect information that could support the PRC's economic and military interests are priority targets.

The intelligence agency predicted espionage activities will intensify alongside economic growing tensions between the PRC and Canada's allies.

Among the products identified as lustworthy for Beijing are: humanoid robots, quantum computers, new displays, brain-computer interfaces, 6G networks, ultra-large scale new intelligence computing centers, Web 3.0, and advanced aviation equipment.

• Russian court fines Google $20,000,000,000,000,000,000,000,000,000,000,000
• Wanted. Top infosec pros willing to defend Britain on shabby salaries
• Linus Torvalds: 90% of AI marketing is hype
• Beijing claims it's found 'underwater lighthouses' that its foes use for espionage
• Musk, Bezos need just 90 minutes to match your lifetime carbon footprint, says Oxfam

India rising

The report also named Russia and Iran as significant hostile states – which isn't surprising.

The inclusion of India, named for the first time as an emerging threat, may be. Canada and India are, after all, both democracies and share membership of the UK-centric Commonwealth of Nations.

"We assess that Indian state-sponsored cyber threat actors likely conduct cyber threat activity against Government of Canada networks for the purpose of espionage," stated the agency, adding "We judge that official bilateral relations between Canada and India will very likely drive Indian state-sponsored cyber threat activity against Canada."

India and Canada have recently experienced increased diplomatic friction. In September of last year, Canadian prime mMinister Justin Trudeau publicly accused the Indian government of involvement in the murder, on Canadian soil, of Sikh activist Hardeep Singh Nijjar.

In the weeks that followed, Canada's military and parliament experienced cyber attacks from independent – but politically state-aligned – Indian hacktivists.

The cyber threat assessment highlighted that such motivated hacktivism, from many sources, complicates the threat environment and can disrupt critical infrastructure. ®