Introduction
Over the past five years [1] [2] [5] [6], Canadian government networks have faced significant cyber threats from Chinese state-sponsored actors. These intrusions have targeted various levels of government, including federal [2] [6], provincial [2] [3] [6], territorial [2] [3] [6], municipal [2] [3] [6], and Indigenous systems, with the aim of stealing sensitive information and conducting cyber-espionage. The People’s Republic of China (PRC) has been identified as the most significant cybersecurity threat to Canada [2] [5] [6], focusing on government networks and public officials to gain strategic [5], economic [3] [4] [7], and diplomatic advantages [3] [4] [7].
Description
Over the past five years [1] [2] [5] [6], at least 20 Canadian government networks [4], including those associated with federal, provincial [2] [3] [6], territorial [2] [3] [6], municipal [2] [3] [6], and Indigenous systems, have been infiltrated by Chinese state-sponsored threat actors [4]. These actors have compromised these networks [5], stealing sensitive information and maintaining access to engage in cyber-espionage, which includes collecting communications data. The People’s Republic of China (PRC) has been identified as the most significant cybersecurity threat to Canada [2] [5] [6], with a focus on targeting government networks and public officials to gain strategic [5], economic [3] [4] [7], and diplomatic advantages in bilateral relations [5]. The Communications Security Establishment (CSE) has emphasized the sophistication and activity of these cyber capabilities, while the Canadian Centre for Cyber Security confirmed these breaches in its National Cyber Threat Assessment 2025-2026 [4], describing the operations as “second to none.”
The threat actors primarily target information to advance the interests of the Chinese Communist Party, a tactic that has intensified amid rising tensions between the West and the PRC [7]. The data gathered is likely used to support the PRC’s malign influence and interference activities against Canada’s democratic processes and institutions [4] [5]. Although all known compromises have been addressed [1] [2], the report warns that remnants of these attacks may still exist due to the significant time and resources dedicated by the threat actors to understand the compromised networks [3]. Gaps in Ottawa’s cyber defenses have been highlighted [6], particularly among smaller government entities that have not adopted specialized cyber defense measures [6].
In addition to government targets, the report highlights espionage attacks against critical infrastructure, the private sector [4], academia [4], supply chains [4], and government-affiliated research and development [4]. It is believed that PRC threat actors have stolen commercially sensitive data from Canadian firms and institutions [4]. In 2021, government officials critical of the Chinese Communist Party [3], particularly members of the Inter-Parliamentary Alliance on China (IPAC) [3], were specifically targeted through malicious emails designed to install trackers for network reconnaissance [3].
Throughout 2024 [3], Chinese threat actors conducted multiple reconnaissance scans targeting various Canadian government departments [3], agencies [1] [2] [3] [5] [7], federal political parties [3], and democratic institutions [3]. The attacks extended to critical infrastructure [3], the defense sector [3], media organizations [3], think tanks [3], and NGOs [3]. Furthermore, Chinese state-sponsored hackers have targeted individuals [4], including politicians [4], activists [4] [5], journalists [4], and diaspora communities viewed as security threats [4], employing tactics such as spear phishing and spyware to monitor and harass these individuals online [4]. The PRC is also believed to utilize Chinese-owned technology platforms that may cooperate with its intelligence services to facilitate transnational repression [6]. Other countries identified as cyber adversaries include Russia [6], Iran [6], North Korea [6], and India [6].
Conclusion
The ongoing cyber threats from Chinese state-sponsored actors pose significant challenges to Canada’s national security and democratic institutions. While efforts have been made to address known compromises, the potential for lingering vulnerabilities remains. It is crucial for Canada to enhance its cybersecurity measures, particularly among smaller government entities [6], to mitigate future risks. The evolving nature of cyber threats necessitates continuous vigilance and adaptation to protect sensitive information and maintain the integrity of Canada’s digital infrastructure.
References
[1] https://www.theglobeandmail.com/canada/article-state-adversaries-getting-bolder-in-cyberspace-canadian-threat/
[2] https://ici.radio-canada.ca/rci/en/news/2116286/china-has-compromised-government-networks-stealing-valuable-info-canadian-cyber-spies
[3] https://www.techradar.com/pro/security/chinese-hackers-had-access-to-canadian-government-systems-for-years
[4] https://www.infosecurity-magazine.com/news/canadian-government-data-chinese/
[5] https://journal.probeinternational.org/2024/10/30/china-compromised-canadian-government-networks-and-stole-valuable-info-spy-agency/
[6] https://ici.radio-canada.ca/rci/en/news/2116363/china-compromised-canadian-government-networks-and-stole-valuable-info-spy-agency
[7] https://www.darkreading.com/cyberattacks-data-breaches/canada-prc-backed-threat-actors