In a rare public warning, a Canadian intelligence agency highlighted China’s escalating cyber threat against Canadian individuals and organizations, noting that the regime’s efforts surpass other nations’ in volume and intensity.
“The most extensive state-sponsored cyber threat activity against Canada stems from the PRC. The Government of Canada urges the Canadian cyber security community, particularly critical infrastructure network defenders, to bolster their awareness of, and protection against, the PRC’s sophisticated cyber threat activity,” stated Public Safety Minister Dominic LeBlanc, Foreign Affairs Minister Mélanie Joly, and Defence Minister Bill Blair, citing the Cyber Centre bulletin.
Tactics and Trends
PRC cyber espionage often involves actors serving direct or indirect requirements of the Chinese intelligence service and reflects the national policy objectives of the communist regime, the Cyber Centre stated.
Networks of federal agencies have been compromised multiple times, with cyber threat actors routinely seeking information that provides an economic and diplomatic advantage in the PRC-Canada bilateral relationship, according to the bulletin. Information related to technologies prioritized in the PRC’s central planning is a frequent target of these cyberattacks.
“The Cyber Centre observes near constant reconnaissance activity by the PRC against Government of Canada systems,” the bulletin stated, adding that all levels of government in Canada should be aware of the espionage threat posed by PRC cyber threat actors.
Additionally, the Cyber Centre has observed several trends and techniques, including the co-opting of compromised small office and home office routers, targeting trusted service providers for access to client networks, and rapidly weaponizing and proliferating exploits for newly revealed vulnerabilities.
The bulletin also noted that PRC cyber threat actors often use the built-in network tools of a system instead of specialized malware to carry out malicious activities, a tactic known as “living off the land.” This approach allows them to blend in with normal system traffic, making it harder for network defenders to detect their activities. “This activity demonstrates a degree of sophistication and agility and shows that PRC cyber threat actors are not limited to a particular technique,” the Cyber Centre said.
PRC Cyber Threat Groups
The Cyber Centre echoed concerns by its U.S. partners about PRC cyber threat groups potentially preparing for computer network attacks on North American critical infrastructure during geopolitical conflicts, warning that such attacks could cause societal panic and delay U.S. military deployment. While Canada may be a lower priority for PRC state-sponsored actors, the bulletin noted that disruption to U.S. infrastructure could still impact Canada due to sector interdependence.
While the bulletin didn’t name specific threat groups, the activities of what is known as Advanced Persistent Threat 31 (APT31) have garnered significant attention from lawmakers on both sides of the border in recent months.
Noé Chartier contributed to this report.