Chinese Cyber Threat ‘Outpaces Other Nations,’ Spy Agency Says in Rare Public Warning

Canada's Communications Security Establishment (CSE) headquarters in Ottawa is shown in a file photo. (Sean Kilpatrick/The Canadian Press)
Andrew Chen
6/3/2024
Updated: 6/3/2024

In a rare public warning, Canada’s cyber security centre highlighted China’s escalating cyber threat against Canadian individuals and organizations, noting that the regime’s efforts surpass other nations’ in volume and intensity.

“PRC cyber threat activity outpaces other nation state cyber threats in volume, sophistication and the breadth of targeting,” the Canadian Centre for Cyber Security said in a June 3 “Cyber threat bulletin,” the second this year from the Cyber Centre, part of Canada’s Communications Security Establishment.

On the same day, federal cabinet ministers released a joint statement on “malicious cyber activity.” The ministers called out China, Russia, Iran, and North Korea, citing their extensive and prolonged campaigns to compromise government and private sector computer systems and obtain information that could interfere with political systems and critical infrastructure and pose potential threats or harm to individuals in Canada.

“The most extensive state-sponsored cyber threat activity against Canada stems from the PRC [People’s Republic of China],” said Public Safety Minister Dominic LeBlanc, Foreign Affairs Minister Mélanie Joly, and Defence Minister Bill Blair, citing the Cyber Centre bulletin. “The Government of Canada urges the Canadian cyber security community, particularly critical infrastructure network defenders, to bolster their awareness of, and protection against, the PRC’s sophisticated cyber threat activity.”

Tactics and Trends

PRC cyber espionage often involves actors serving the direct or indirect needs of the Chinese intelligence service and reflects the national policy objectives of the communist regime, the Cyber Centre stated.

Networks of federal agencies have been compromised multiple times, with cyber threat actors routinely seeking information that provides an economic and diplomatic advantage in the PRC-Canada bilateral relationship, according to the bulletin. Information related to technologies prioritized in the PRC’s central planning is a frequent target of these cyberattacks.

“The Cyber Centre observes near constant reconnaissance activity by the PRC against Government of Canada systems,” the bulletin stated, adding that all levels of government in Canada should be aware of the espionage threat posed by PRC cyber threat actors.

Additionally, the Cyber Centre has observed several trends and techniques, including the co-opting of compromised small office and home office routers, targeting trusted service providers for access to client networks, and rapidly weaponizing and proliferating exploits for newly revealed vulnerabilities.

The bulletin also noted that PRC cyber threat actors often use the built-in network tools of a system instead of specialized malware to carry out malicious activities, a tactic known as “living off the land.” This approach allows them to blend in with normal system traffic, making it harder for network defenders to detect their activities. “This activity demonstrates a degree of sophistication and agility and shows that PRC cyber threat actors are not limited to a particular technique,” the Cyber Centre said.

PRC Cyber Threat Groups

The Cyber Centre echoed concerns by its U.S. partners about PRC cyber threat groups potentially preparing for computer network attacks on North American critical infrastructure during geopolitical conflicts, warning that such attacks could cause societal panic and delay U.S. military deployment. While Canada may be a lower priority for PRC state-sponsored actors, the bulletin noted that disruption to U.S. infrastructure could still impact Canada due to sector interdependence.

While the bulletin didn’t name specific threat groups, the activities of what is known as Advanced Persistent Threat 31 (APT31) have garnered significant attention from lawmakers on both sides of the border in recent months.

APT31, allegedly supported by a Chinese spy service, targets various political and business figures, as revealed in a U.S. indictment unsealed in March. The FBI has identified seven Chinese nationals allegedly linked to APT31.

Among the victims of the threat group were members of the Inter-Parliamentary Alliance on China (IPAC), a coalition of cross-party legislators seeking to reform how democratic countries engage with Beijing. In an April 29 statement, the Canadian co-chairs of IPAC, Liberal MP John McKay and Tory MP Garnett Genuis, said that 18 Canadian MPs and senators were targeted by APT31 in 2021.

On the same day, Mr. Genuis raised a question of privilege and introduced a motion to refer the investigation of the breach to a House committee for study. He noted that the matter is similar to that of his Conservative colleague Michael Chong, who, according to a May 2023 intelligence leak, was a target of Chinese intelligence and had not been warned by the government.

On May 8, House Speaker Greg Fergus ruled that Mr. Genuis’s concern constituted a question of privilege. MPs voted unanimously the following day for the matter to be studied in committee. The House of Commons Standing Committee on Procedure and House Affairs is scheduled to study the matter on June 4 and June 6.

Noé Chartier contributed to this report.