Canada's Communications Security Establishment (CSE), a leading intelligence agency, has offered a rare insight into its operational priorities by revealing it conducted several state-authorised cyberattacks last year. These operations were specifically aimed at disrupting the activities of international drug traffickers, violent extremist organisations, and a prominent ransomware gang, according to the agency's recently published annual report.
The disclosures highlight pressing national security concerns faced by Canada and its key allies, including the UK. These threats range from the illicit import of dangerous drugs, such as the synthetic opioid fentanyl, to the increasing prevalence of sophisticated cyberattacks targeting critical infrastructure and businesses. The CSE's mandate encompasses collecting foreign intelligence, safeguarding government systems, and neutralising online adversaries.
The report details three 'active cyber operations' conducted overseas, a term the agency uses for its cyberattacks against foreign entities posing a threat to Canadian national security and public safety. One significant operation targeted cybercriminals operating outside Canada who were facilitating the sale of chemicals essential for producing fentanyl. The CSE gathered intelligence on these brokers before launching an operation that 'disrupted and diminished their ability to operate'.
Another critical operation focused on an overseas extremist group actively spreading violent ideology and recruiting members, including within Canada. Through the collection of signals intelligence – data derived from electronic devices and internet activity – the agency analysed the group's structure, reach, and vulnerabilities. This led to an operation that 'successfully undermined the group’s credibility and limited their ability to radicalise and recruit new members'.
Furthermore, the CSE successfully disrupted a 'ransomware-as-a-service' operation, which allowed other hackers to rent access to the gang's infrastructure for launching extortion attacks. The agency's signals intelligence unit identified how this gang targeted sectors including healthcare, transportation, and business in Canada. A subsequent active cyber operation 'rendered the group’s infrastructure inoperable' and deleted a significant portion of the data on their servers. Concurrently, the agency undertook 'technical disruptions' against ten other major ransomware gangs targeting Canada, making parts of their infrastructure unusable.
While the report refrained from disclosing the exact locations of the targeted entities or the precise methods employed, such transparency from a top-tier intelligence agency is uncommon. This deliberate omission is standard practice to protect operational techniques and capabilities. The revelations underscore the evolving landscape of national security, where cyber warfare and intelligence gathering play an increasingly vital role in countering complex and interconnected global threats.