Offering a rare glimpse at the priorities of a top spy organization, Canada’s Communications Security Establishment said it conducted a handful of state-authorized hacks last year in order to disrupt the operations of drug traffickers, violent extremists, and a ransomware gang.

The disclosures in the Canadian intelligence agency’s annual report underscore some of the main national security threats that face Canada and its closest allies: ranging from the import of illegal drugs to cyberattacks. The spy agency, CSE, is tasked with collecting foreign intelligence, defending government systems, and disrupting online adversaries.

Published last week, the report says the CSE last year carried out three foreign “active cyber operations” — the term agency uses to describe its cyberattacks on overseas operations that threaten Canadian national security and public safety.

One of the operations, per the report, targeted cybercriminals outside of Canada who were brokering the sale of chemicals used to create the synthetic opioid, fentanyl. The CSE collected intelligence on the brokers, then conducted an operation that “disrupted and diminished their ability to operate,” the report said.

Another active operation involved the collection of signals intelligence — data produced from electronics and internet-connected devices — on an overseas extremist group that was spreading violent ideology and recruiting members, including in Canada.

The report said the agency analyzed the group’s organization, reach, and potential vulnerabilities to conduct an operation that “successfully undermined the group’s credibility and limited their ability to radicalize and recruit new members.”

Another operation involved disrupting a ransomware-as-a-service operation that let hackers rent access to a ransomware gang’s infrastructure to launch destructive extortion attacks. The CSE said its signals intelligence unit identified how the gang worked against the healthcare, transportation, and business sectors in Canada, then used an active cyber operation that “rendered the group’s infrastructure inoperable.” The operation also deleted much of the data on the gang’s servers.

The agency said it undertook concurrent “technical disruptions” against 10 of the most significant ransomware gangs targeting Canada to “make parts of their infrastructure unusable.”

The report did not say where the hackers, extremists or the ransomware gang were located, or the specifics of the operations that the CSE used to target them. It’s not uncommon for spy agencies to conduct cyberattacks against their adversaries, but such operations are seldom disclosed or detailed to protect the methods and techniques used.

Fort Meade, Maryland-based Cyber Command, which conducts cyber operations for the U.S. government, regularly carries out “hunt forward” operations that involve sending cyber teams to allied nations to secure their networks and disrupt cyber operations launched by adversaries. The number of U.S.-led hunt forward operations have risen from a few handful during 2018 to more than two dozen during 2025.

Canada’s CSE said it also carried out one defensive cyber operation during the year to target a phishing campaign aimed at Canadian federal government institutions and other important systems. The agency said it disrupted the group’s infrastructure and “degraded their ability” to target Canadians.

When you purchase through links in our articles, we may earn a small commission. This doesn’t affect our editorial independence.



Source link

Share.
Leave A Reply

Exit mobile version