Other MoA
Other MoA event in Canada on Tue 30th June 2026
30th June 2026
OTTAWA — Russian cybercriminals managed to hack into a Quebec municipality's water treatment plant systems and had the ability to wreak havoc on the crucial infrastructure before getting caught, according to Canada's cyber spy agency.
In its latest annual report released Monday, the Communications Security Establishment (CSE) said that it detected over 3,200 cyber incidents affecting either federal government organizations or one of ten critical infrastructure sectors, such as energy, critical minerals and water.
In one particular case discussed in the report, the signals intelligence agency said it was advised last October that Russian hacktivist group NoName had broken into the Quebec water plant's network and gained access to many crucial systems.
According to CSE, NoName claimed it had gained the "ability to covertly control pumps, chlorine dosing, pressure settings and monitoring/alerts systems." The report does not identify the impacted Quebec municipality.
It's one of the most specific examples the federal cyber agency has given of how foreign state-backed hackers are trying to break into Canadian critical infrastructure cyber systems. Their goals are often to either extort the systems' owners or wield the breach as a ticking timebomb in the case of hostilities between that country and Canada.
It's also the first time CSE — which has previously warned of foreign cyber attacks on Canadian water infrastructure — attributes the treatment plant breach to a Russian-backed group and identifies which province the system was located.
According to the U.S. Department of Justice, NoName is a cybercriminal group financially backed by the Russian government that frequently conducts operations against Russia's foes. They frequently target North American water systems.
"State-sponsored actors are becoming more aggressive and are moving beyond traditional espionage to conduct more disruptive activities," reads the report.
Interestingly, the annual report notes that it isn't CSE that detected the breach. Rather, CSE's Cyber Centre was notified by the Organization of American States' cybersecurity coordination network of a claim by NoName of the breach. The cyber agency says it then worked with unnamed partners to mitigate the threat.
It also points to two main state cyber adversaries: Russia and China. The report emphasizes that both countries pose a growing threat in the Canadian Arctic, where challenges posed by adversaries go "beyond traditional military and cyber threats to include economic and influence-related activities that seek to shape access, infrastructure, and decision-making in the region."
In its latest annual report, CSE says it deployed its extraordinary powers to conduct offensive and defensive cyber operations to undermine a network of fentanyl precursor traffickers and an unidentified foreign extremist group seeking to recruit Canadians.
In the first case, CSE revealed that it discovered "key" foreign cybercriminals were brokering the purchase and sale of chemicals used to synthesize opioids such as fentanyl. The spy agency collected foreign intelligence on the group before conducting an offensive cyber operation that "disrupted and diminished" the brokers' work.
In the second case, the signals intelligence agency said it eavesdropped on a foreign extremist group that was spreading violent ideology and recruiting in Western countries, including Canada.
It then conducted another offensive cyber operation that "undermined the group's credibility and limited their ability to radicalize and recruit new members."
In a separate operation, CSE says its worked with its Five Eyes intelligence alliance partners to cyberattack an unnamed "notorious ransomware-as-a-service" cybercrime group and render its systems inoperable all the while deleting "a large amount of stolen data".
The group was responsible for over 25 ransomware attacks — in which hackers lock a user out of their network or data and then demand a ransom to unlock it — in the transportation, healthcare, pharmaceutical and business sectors in Canada, CSE said.
Overall, the cyber defence agency says network vulnerabilities writ large are growing in number and in severity.
National Post
[email protected]
RCMP hampered by outdated technology and 'risk averse' culture: report
Spy agency workers now eligible for early retirement program after initial refusal
Contextual analysis
Analysing the event count by highlighting the presence of munition categories over a six-month data period.
Understand the complete picture with an Enterprise account.
Learn moreSign in to view this information
Information sources
Discussion and media of this event has been extracted from all sources.
Sign in to view this information
Country information
Click to view more information about the country and see more information on conflicts occuring in that region.
Canada (CAN)
Discover more
Events using similar munitions or platforms and those that happen within a recent time line and proximity are displayed below.
Understand the complete picture with an Enterprise account.
Learn moreSign in to view this information