State-Sponsored Programs the ‘Greatest Strategic Cyber Threat to Canada,’ Says Cybersecurity Centre
Cyber activity from China, Russia, Iran, North Korea poses a constant threat to Canadian individuals
The federal Cybersecurity Centre warns that state-sponsored cyber threat activities from China, Russia, Iran and North Korea “pose the greatest strategic cyber threat to Canada.”
This activity is among the five threat narratives that the Canadian Cyber Security Centre (Cyber Centre), part of Canada’s Communications Security Office, considers to be the “most dynamic and influential” in its recently released National Cyber Threat Assessment 2023–24.
“State actors can target diaspora populations and activists in Canada, Canadian organizations and their intellectual property for espionage, and even Canadian individuals and organizations for financial gain,” the report said.
The report notes that this type of activity against Canada is an ongoing threat and is often part of larger, global campaigns undertaken by these states.
“We are drawing attention to state-sponsored activities against individuals and businesses,” Rajiv Gupta, the Cyber Centre’s assistant chief, said on Oct. 28 at a news conference announcing the report.
The other four threat narratives are ransomware; risk to critical infrastructure; the use of misinformation, disinformation and malinformation to influence Canadians; and disruptive technologies such as cryptocurrencies, machine learning and quantum computing.
“We must be ready and able to defend Canada’s cyberspace, no matter where the next threat comes from,” Sami Khoury, head of the Cyber Centre, said at a news conference.
Surveillance, control of Canadians
The report states that foreign state-sponsored cyber threat actors almost certainly target foreign nationals, diaspora groups, activists and journalists in order to monitor and control these individuals and disrupt their activities.
It said state-sponsored actors from China, Iran and Saudi Arabia almost certainly followed diaspora populations and activists abroad using means such as monitoring their content on foreign apps, targeting social media and using spyware to spy on them.
The report cites research by the University of Toronto’s Citizen Lab, which found cyber threat activity targeting activists in Canada “through disinformation or intimidation on social media, denial-of-service attacks on their organizations and the compromise of their personal devices.”
Citizen Lab stated in a report published in 2018 that “Uyghurs, Falun Gong supporters and Tibetan groups are well-documented targets of digital espionage operations that are often suspected of being carried out by operators directly sponsored or tacitly supported by agents of the Chinese government.”
The Cyber Centre report warns that “as more devices are connected to the Internet, the cyber threat surface is expanding. Cyber threat actors are adapting their activities and using new technologies to achieve financial, geopolitical or ideological goals.”
“Spy tools used by cyber threat actors to compromise a personal device can be very sophisticated, and some provide access to an individual’s personal device without having to click on a malicious link or open a malicious attachment,” the report added.
At the press conference, Khoury noted that the assessment “is drawn from many sources, both classified and unclassified. Some of our knowledge comes from defending the Government of Canada against cyber attacks; some of it comes from foreign signals intelligence. Some of it is publicly available information.”
Exploitation of software platforms
The centre’s report also said state-sponsored threat actors are exploiting commonly used software platforms to target “thousands and sometimes hundreds of thousands of victims worldwide.”
In March 2021, Chinese state-sponsored cyber threat actors compromised Microsoft Exchange servers worldwide in what was most likely an attempt to steal intellectual property and obtain personal information, the report said, noting that “more than 9,000 Canadian servers are highly probably vulnerable.”
Globally, an estimated 400,000 servers were affected, according to a July 2021 Global Affairs Canada (GAC) statement announcing that Canada was joining its allies in identifying state-sponsored actors from China as responsible for the activity.
“Canada is convinced that the PRC [People’s Republic of China’s] Ministry of State Security (MSS) is responsible for the widespread compromise of Exchange servers,” the GAC said in a statement.
The GAC also identified Advanced Persistent Threat Group 40 (APT 40) as one of several PRC cyber groups believed to have participated in the operation.
“APT 40 is almost certainly made up of elements of the MSS regional office of the Hainan State Security Department. Its cyber activities targeted critical research in Canada’s defence, ocean technology and biopharmaceutical sectors in separate malicious cyber campaigns in 2017 and 2018,” the statement said.
Limin Zhou is a reporter from Ottawa.