Cyber threats from China, Russia, Iran and North Korea pose a constant and ongoing threat to Canadians

The Federal Cyber Security Center warns that state-sponsored cyber threats from China, Russia, Iran and North Korea “constitute the greatest strategic cyber threats to Canada.”

This activity is among the five threat stories considered “most dynamic and impactful” by the Canadian Centre for Cyber Security (Cyber Centre), part of the Communications Security Establishment of Canada, in its new publication, National Cyber Threat Assessment 2023-2024.

“State actors can target diaspora populations and activists in Canada, Canadian organizations and their intellectual property for espionage, and even Canadian individuals and organizations for financial gain,” the report said.

The report noted that this type of activity against Canada is a constant and ongoing threat and is often part of larger global campaigns undertaken by these states.

“We draw attention to state-sponsored activities against individuals and against corporations,” Cyber Centre associate director Rajiv Gupta said Oct. 28 during a press conference to release the report.

The other four threat stories are ransomware; risk to critical infrastructure; the use of false information and misinformation to influence Canadians; and disruptive technologies such as cryptocurrencies, machine learning and quantum computing.

“We must be ready and able to defend Canadian cyberspace no matter where the next threat comes from,” said Sami Khoury, Cyber Centre manager, at the press conference.

Monitor, control Canadians

The report indicates that cyber threats sponsored by foreign states almost certainly target foreign nationals, diaspora groups, activists and journalists to monitor and control these individuals and disrupt their activities.

It said state-sponsored actors from China, Iran and Saudi Arabia have almost certainly been surveilling diaspora populations and activists abroad using means such as monitoring their content on overseas-based apps, targeting them on social media and using spyware to spy on them.

The report references research by The Citizen Lab at the University of Toronto, which found that cyber threats target activists in Canada “through social media misinformation or intimidation, denial of service attacks against their organizations and the compromise of their personal devices.”

The Citizen Lab noted in a report it published in 2018 that “Uyghurs, Falun Gong supporters and Tibetan groups are well-documented targets of digital espionage operations that are often suspected to be carried out by operators directly sponsored or tacitly supported by agents of the Chinese government”.

The Cyber Centre report warned that “as more and more devices are connected to the Internet, the surface of cyber threats is expanding. Cyber threat actors are adapting their activities and using new technologies to achieve financial, geopolitical or ideological objectives”.

“The spyware tools used by cybercriminals to compromise a personal device can be very sophisticated, with some allowing access to an individual’s personal device without requiring them to click on a malicious link or open a malicious attachment,” the report added.

During the press conference, Khoury noted that the assessment “relies on numerous sources, both classified and unclassified. Some of our knowledge comes from defending the Government of Canada against cyberattacks; some comes from foreign signals intelligence. Some of it is publicly available information.”

Exploitation of software platforms

The center’s report also says that state-sponsored threat actors are exploiting commonly used software platforms to target “thousands, if not hundreds of thousands, of victims around the world.”

In March 2021, Chinese state-sponsored cyber threat actors compromised Microsoft Exchange servers around the world in what was most likely an effort to steal intellectual property and acquire personal information, according to the report, noting that “more than 9,000 Canadian servers were most likely vulnerable”.

Globally, around 400,000 servers have been affected, said a statement from Global Affairs Canada (GAC) in July 2021 announcing that Canada was joining its allies in identifying Chinese state-sponsored actors as responsible for this activity.

“Canada is convinced that the PRC’s [People’s Republic of China’s] Department of State Security (MSS) is responsible for the widespread compromise of Exchange servers,” the GAC statement read.

GAC also identified Advanced Persistent Threat Group 40 (APT 40) as one of several PRC cyber groups suspected of taking part in the operation.

“APT 40 almost certainly consists of elements from the Hainan State Security Department MSS Regional Office. Its cyber activities targeted critical research in the defence, ocean technology and biopharmaceutical sectors in Canada in separate malicious cyber campaigns in 2017 and 2018,” the statement said.


Limin Zhou is an Ottawa-based journalist.
