OTTAWA — Russian cybercriminals managed to hack into a Quebec municipality’s water treatment plant systems and had the ability to wreak havoc on the crucial infrastructure before getting caught, according to Canada’s cyber spy agency.
In its latest annual report released Monday, the Communications Security Establishment (CSE) said that it detected over 3,200 cyber incidents affecting either federal government organizations or one of ten critical infrastructure sectors, such as energy, critical minerals and water.
In one particular case discussed in the report, the signals intelligence agency said it was advised last October that Russian hacktivist group NoName had broken into the Quebec water plant’s network and gained access to many crucial systems.
According to CSE, NoName claimed it had gained the “ability to covertly control pumps, chlorine dosing, pressure settings and monitoring/alerts systems.” The report does not identify the impacted Quebec municipality.
It’s one of the most specific examples the federal cyber agency has given of how foreign state-backed hackers are trying to break into Canadian critical infrastructure cyber systems. Their goals are often to either extort the systems’ owners or wield the breach as a ticking timebomb in the case of hostilities between that country and Canada.
It’s also the first time CSE — which has previously warned of foreign cyber attacks on Canadian water infrastructure — attributes the treatment plant breach to a Russian-backed group and identifies which province the system was located in.
According to the U.S. Department of Justice, NoName is a cybercriminal group financially backed by the Russian government that frequently conducts operations against Russia’s foes. They frequently target North American water systems.
“State-sponsored actors are becoming more aggressive and are moving beyond traditional espionage to conduct more disruptive activities,” reads the report.
Interestingly, the annual report notes that it isn’t CSE that detected the breach. Rather, CSE’s Cyber Centre was notified by the Organization of American States’ cybersecurity coordination network of a claim by NoName of the breach. The cyber agency says it then worked with unnamed partners to mitigate the threat.
It also points to two main state cyber adversaries: Russia and China. The report emphasizes that both countries pose a growing threat in the Canadian Arctic, where challenges posed by adversaries go “beyond traditional military and cyber threats to include economic and influence-related activities that seek to shape access, infrastructure, and decision-making in the region.”
In its latest annual report, CSE says it deployed its extraordinary powers to conduct offensive and defensive cyber operations to undermine a network of fentanyl precursor traffickers and an unidentified foreign extremist group seeking to recruit Canadians.
In the first case, CSE revealed that it discovered “key” foreign cybercriminals were brokering the purchase and sale of chemicals used to synthesize opioids such as fentanyl. The spy agency collected foreign intelligence on the group before conducting an offensive cyber operation that “disrupted and diminished” the brokers’ work.
In the second case, the signals intelligence agency said it eavesdropped on a foreign extremist group that was spreading violent ideology and recruiting in Western countries, including Canada.
It then conducted another offensive cyber operation that “undermined the group’s credibility and limited their ability to radicalize and recruit new members.”
In a separate operation, CSE says it worked with its Five Eyes intelligence alliance partners to cyberattack an unnamed “notorious ransomware-as-a-service” cybercrime group and render its systems inoperable, all the while deleting “a large amount of stolen data.”
The group was responsible for over 25 ransomware attacks — in which hackers lock a user out of their network or data and then demand a ransom to unlock it — in the transportation, healthcare, pharmaceutical and business sectors in Canada, CSE said.
Overall, the cyber defence agency says network vulnerabilities writ large are growing in number and in severity.
National Post
cnardi@postmedia.com
