State-sponsored hackers are reportedly behind a series of “sophisticated cybersecurity incidents” that have targeted government networks in British Columbia, Canada’s westernmost province. Deputy Premier Shannon Salter revealed to the press that there have been three separate attempts by threat actors to compromise government systems within the province.
The announcement comes after Premier David Eby initially disclosed the cyberattacks last week, emphasizing that, as of now, there is no evidence to suggest that any sensitive information has been breached. The first attack took place on April 10, followed by a second incident on April 29, prompting officials to issue a notice to staff advising them to change their passwords as a security precaution. The third attack was detected on May 6.
According to Salter, the Canadian Centre for Cyber Security recommended delaying the announcement of the second incident to avoid tipping off other potential threat actors to any vulnerabilities present in government networks. While the specific nature of these cyber incidents has not been publicly revealed, the attackers were noted for their attempts to conceal their activities, a behavior commonly associated with state or state-sponsored actors, as highlighted by Mike Farnworth, the province’s public safety minister and solicitor general.
During the press briefing, Salter mentioned that Microsoft’s Detection and Response Team (DART) has been enlisted to assist with the incident response, although she refrained from confirming whether the cyber incidents were related to any breach of Microsoft products. The investigative efforts are ongoing, with experts currently analyzing a substantial 40 terabytes of data in an attempt to uncover the full extent of the cybersecurity breaches.
These cyberattacks in British Columbia occurred against a backdrop of heightened awareness regarding foreign interference in Canadian affairs, as evidenced by the recent annual report released by the Canadian Security Intelligence Service (CSIS). The report specifically cautioned about persistent Chinese interference in Canadian political matters, noting the attractiveness of Canada as a target for cyber-enabled espionage, sabotage, and foreign influence activities, all of which pose considerable threats to national security.
The CSIS report further highlighted Chinese state-sponsored threat actors engaged in widespread cyber espionage activities targeting various sectors and entities in Canada, including government agencies, academic institutions, private industries, and civil society organizations. The report also made reference to India, citing strained bilateral relations between the countries following the alleged Indian state-sponsored assassination of Sikh separatist Hardeep Singh Nijjar in British Columbia in 2023, the same province where the recent cyberattacks occurred.
However, the report clarified that while low-level cyber operations have been observed against Canada by India-aligned non-state cyber actors, there is no evidence implicating the Government of India in these cyber incidents. The investigation into the cybersecurity breaches in British Columbia remains ongoing, with authorities working diligently to identify the perpetrators and safeguard government networks against future attacks.