Threat actors sponsored by China “compromised” Canadian government networks over the past five years and collected valuable information, says a new report from Canada’s cyber spy agency.
The Communications Security Establishment, responsible for foreign signals intelligence, cyber operations and cyber security, released its updated national cyber threat assessment on Wednesday. The assessment flags threats the agency sees as the most pressing ones facing individuals and organizations in Canada.
“We’re often asked, what keeps up at night? Well, pick the page,” Caroline Xavier, CSE chief, told a news conference in Ottawa.
CSE’s latest report, which casts ahead to the 2025-2026 fiscal year, names the People’s Republic of China (PRC) as “the most comprehensive cyber security threat facing Canada today” and says the scale, tradecraft and ambitions China demonstrates online are “second to none.”
The report says Chinese state-sponsored actors repeatedly conduct cyber espionage campaigns against federal, provincial, territorial, municipal and Indigenous government networks in Canada.
“PRC cyber threat actors have compromised and maintained access to multiple government networks over the past five years, collecting communications and other valuable information,” said CSE.
At least 20 networks associated with government of Canada agencies and departments have been compromised by PRC cyber-threat actors, said the agency.
“While all known federal government compromises have been resolved, it is very likely that the actors responsible for these intrusions dedicated significant time and resources to learn about the target networks,” says the report.
China targets government networks and public officials to obtain advantages in China-Canada bilateral relations and commercial matters, said CSE.
Russia, Iran and India also named
“For example, provincial and territorial governments are likely a valuable target given that they have decision-making power over regional trade and commerce, including resource extraction (e.g., energy and critical minerals),” says the report.
“The information collected is also likely used to support the PRC’s malign influence and interference activities against Canada’s democratic processes and institutions.”
More than two years ago, the National Security and Intelligence Committee of Parliamentarians warned that gaps in Ottawa’s cyber defences could leave government agencies holding vast amounts of data on Canadians and businesses vulnerable to state-sponsored hackers.
The committee found that Crown corporations and small government departments and agencies — defined as those with fewer than 500 staffers and annual budgets of less than $300 million — haven’t heeded calls to use specialized cyber defence sensors to protect their networks from state-sponsored attacks.
The committee recommended CSE’s cyber defence umbrella be extended to cover all federal entities — something CSE has said isn’t happening yet.
Xavier would not say whether any of the compromised agencies and departments flagged in Wednesdays’s report are the ones that don’t use CSE’s sensors.
“Yeah we’re not going to comment on that,” she said.
CSIS director David Vigneault says using TikTok is risky and the potential for the government of China to access personal data from the social media platform poses a ‘threat to the way we live.’
China’s cyber prowess also extends to supporting Beijing’s goal of silencing activists, journalists and diaspora communities.
“The PRC government very likely leverages Chinese-owned technology platforms, some of which likely co-operate with the PRC’s intelligence and security services, to facilitate transnational repression,” said the report.
Wednesday’s report does not name platforms.
The Canadian Security Intelligence Service (CSIS) has warned against using the wildly popular video app TikTok.
Former CSIS director David Vigneault told CBC in an interview it’s “very clear” from the app’s design that data gleaned from its users “is available to the government of China.”
CSE’s report also names Russia, Iran, North Korea and India as cyber adversaries.
Russian cyber threat actors, it says, “are very likely targeting the Canadian government, military, private sector, and critical infrastructure networks.”
It also notes that as the relationship between Canada and India continues to deteriorate, India will likely direct its burgeoning cyber espionage program against Ottawa’s networks.
The already tense relationship took a nosedive in the past two weeks after Canada accused India of orchestrating a campaign of violence on Canadian soil, including murders and extortion.