State-sponsored program is ‘largest strategic cyber threat to Canada,’ says Cyber ​​Security Center

Cyberthreat activity from China, Russia, Iran and North Korea poses ongoing threats targeting individuals in Canada

The Federal Center for Cybersecurity has warned that state-sponsored cyber threat activities by China, Russia, Iran and North Korea “pose Canada’s greatest strategic cyber threat.”

The activity is one of five threat narratives deemed “most dynamic and impactful” in a newly released report by the Canadian Cyber ​​Security Center (Cyber ​​Center), part of Canada’s communications security agency. It’s one. National Cyber ​​Threat Assessment 2023–24.

“National actors can target Canadian diaspora populations and activists, Canadian organizations and their intellectual property for espionage, and even target Canadian individuals and organizations for financial gain.” the report said.

Please note that this type of activity against Canada is an ongoing threat and is often part of a larger, global campaign being conducted by these states.

At a press conference on October 28, Cyber ​​Center Deputy Director Rajiv Gupta said:

The other four threat stories are ransomware. Risk to critical infrastructure. Using misinformation, disinformation and misinformation to influence Canadians. Disruptive technologies such as cryptocurrencies, machine learning, and quantum computing.

“We must be ready to defend Canadian cyberspace wherever the next threat comes from.” Sami Cooleythe head of the Cyber ​​Center at a press conference.

Canadian surveillance, control

Foreign government-sponsored cyber threat actors almost certainly target foreign nationals, diaspora groups, activists, and journalists to monitor and control these individuals and disrupt their activities, according to the report.

It said state-sponsored attackers from China, Iran, and Saudi Arabia could monitor content with foreign-based applications, target them on social media, spy on them using spyware, and more. are almost certainly monitoring diaspora populations and activists abroad using the means of

The report cites a study by the University of Toronto’s Citizen Lab, which found that cyberthreat activity “through disinformation and intimidation on social media, denial-of-service attacks against organizations, and compromised personal devices,” by Canadian activists. was found to target

Citizen Lab report In 2018, it noted that “Uyghurs, Falun Gong adherents, and Tibetan groups are well-documented targets of digital espionage activities, either directly sponsored by Chinese government agencies or implicitly. It is often suspected that it is being carried out by an operator who assists in

The Cyber ​​Center report states, “As more devices connect to the internet, the cyberthreat surface expands. , or achieving an ideological goal.”

“The spyware tools that cyber attackers use to compromise personal devices can be highly sophisticated, allowing you to click malicious links, open malicious attachments, and Some even have access to individuals’ personal devices,” the report adds.

At a press conference, Khoury said the assessment was “based on many sources, both classified and unclassified. Some of it comes from foreign signals, intelligence, some of it is publicly available information.”

Software platform abuse

The Center’s report also said state-sponsored attackers are exploiting commonly used software platforms to target “thousands, and sometimes hundreds of thousands, of victims around the world.” said.

In March 2021, Chinese government-backed cyber attackers most likely attempted to infiltrate Microsoft Exchange servers around the world, steal intellectual property and obtain personal information, the report said. It is very likely that over 9,000 Canadian servers are vulnerable.”

Worldwide, an estimated 400,000 servers were affected. Global Affairs Canada (GAC) statement .

“Canada is China’s [People’s Republic of China’s] The Department of National Security (MSS) is responsible for the widespread security breach of our exchange servers,” said the GAC statement.

GAC also identified Advanced Persistent Threat Group 40 (APT 40) as one of several Chinese cyber groups believed to have participated in this operation.

“APT 40 almost certainly consists of elements of the local MSS office of the National Security Agency of Hainan Province. It targeted critical research in the marine technology and biopharmaceutical sectors,” the statement said.

Limin Chow


Limin Zhou is an Ottawa-based reporter.