State-Sponsored Programs the ‘Greatest Strategic Cyber Threat to Canada,’ Says Cybersecurity Centre

State-Sponsored Programs the ‘Greatest Strategic Cyber Threat to Canada,’ Says Cybersecurity Centre
A computer keyboard lit by a displayed cyber code is seen in this illustration picture taken on March 1, 2017. Kacper Pempel/Reuters
Limin Zhou
Updated:
The federal cybersecurity centre warns that state-sponsored cyber threat activity from China, Russia, Iran, and North Korea “pose the greatest strategic cyber threats to Canada.”
This activity is among five threat narratives considered “the most dynamic and impactful” by the Canadian Centre for Cyber Security (Cyber Centre), part of Canada’s Communications Security Establishment, in its newly released National Cyber Threat Assessment 2023–24.
“State actors can target diaspora populations and activists in Canada, Canadian organizations and their intellectual property for espionage, and even Canadian individuals and organizations for financial gain,” the report said.
It noted that this type of activity against Canada is a constant and ongoing threat and is often part of larger, global campaigns undertaken by these states.
“We are calling attention to the state-sponsored activities against individuals and against businesses,” said Rajiv Gupta, associate head of the Cyber Centre, on Oct. 28 at a press conference to release the report.    
The other four threat narratives are ransomware; risk to critical infrastructure; use of misinformation, disinformation, and malinformation to influence Canadians; and disruptive technologies such as cryptocurrencies, machine learning, and quantum computing. 
“We must be ready and able to defend Canada cyberspace, no matter where the next threat comes from,” said Sami Khoury, head of the Cyber Centre at the press conference. 

Monitoring, Controlling Canadians

The report said foreign state-sponsored cyber threat actors almost certainly target foreign nationals, diaspora groups, activists, and journalists to monitor and control these individuals and disrupt their activities.
It said state-sponsored actors from China, Iran, and Saudi Arabia have almost certainly monitored diaspora populations and activists abroad using means such as monitoring their content on foreign-based applications, targeting them on social media, and using spyware to spy on them. 
The report referred to research by The Citizen Lab at the University of Toronto, which found that cyber threat activity targets activists in Canada “through disinformation or intimidation on social media, denial of service attacks against their organizations, and compromise of their personal devices.”
The Citizen Lab noted in a report it published in 2018 that “Uyghurs, Falun Gong supporters, and Tibetan groups are well documented targets of digital espionage operations that are often suspected to be carried out by operators directly sponsored or tacitly supported by Chinese government agents.”
The Cyber Centre report warned that “as more devices are connected to the internet, the cyber threat surface expands. Cyber threat actors adapt their activities and utilize new technologies to achieve the financial, geopolitical or ideological goals.” 
“Spyware tools used by cyber threat actors to compromise a personal device can be highly sophisticated, with some providing access to an individual’s personal device without requiring them to click on a malicious link or open a malicious attachment,” the report added.
At the press conference, Khoury noted that the assessment “draws on many sources, both classified and unclassified. Some of our knowledge comes from defending the government of Canada against cyber attacks; some of it comes from foreign signals, intelligence. Some of it is publicly available information.”

Exploiting Software Platforms

The centre’s report also said state-sponsored threat actors exploit commonly used software platforms to target “thousands, and sometimes hundreds of thousands, of victims across the globe.”
In March 2021, Chinese state-sponsored cyber threat actors compromised Microsoft Exchange servers worldwide in what was very likely an effort to steal intellectual property and acquire personal information, the report said, noting that “upwards of 9,000 Canadian servers were very likely vulnerable.”
Globally, an estimated 400,000 servers were affected, said a Global Affairs Canada (GAC) statement in July 2021 announcing that Canada was joining its allies in identifying state-backed actors from China as being responsible for this activity.
“Canada is confident that the PRC’s [People’s Republic of China’s] Ministry of State Security (MSS) is responsible for the widespread compromising of the exchange servers,” the GAC statement said.
GAC also identified Advanced Persistent Threat Group 40 (APT 40) as one of several cyber groups from the PRC believed to have taken part in the operation.
“APT 40 almost certainly consists of elements of the Hainan State Security Department’s regional MSS office. Its cyber activities targeted critical research in Canada’s defence, ocean technologies and biopharmaceutical sectors in separate malicious cyber campaigns in 2017 and 2018,” the statement said.