China 'compromised' Canadian government networks and stole valuable info: spy agency

State-sponsored hackers from China have “compromised” Canadian government networks over the past five years, gathering valuable intelligence, according to a new report from Canada’s cyber spy agency.

The Communications Security Establishment (CSE), which handles foreign signals intelligence, cyber operations, and cybersecurity, released an updated national cyber threat assessment on Wednesday, identifying the most critical threats facing individuals and organizations in Canada.

During a news conference in Ottawa, CSE chief Caroline Xavier shared the agency’s concerns: “We’re often asked what keeps us up at night. Well, pick the page.”

The report, projecting ahead to the 2025-2026 fiscal year, labels the People’s Republic of China (PRC) as “the most comprehensive cyber security threat facing Canada today.” It highlights China’s scale, expertise, and ambitions in cyberspace as “second to none.”

CSE says Chinese state-sponsored hackers have repeatedly launched cyber espionage campaigns against federal, provincial, territorial, municipal, and Indigenous government networks in Canada.

“PRC cyber threat actors have compromised and maintained access to multiple government networks over the past five years, collecting communications and other valuable information,” the report states.

According to CSE, at least 20 Canadian government agencies and departments have been breached by Chinese cyber actors. While all known federal compromises have been resolved, the report suggests that these actors “likely invested significant time and resources” to understand their target networks.

The report indicates that China targets government networks and officials to gain leverage in Canada-China relations and commercial matters. “For example, provincial and territorial governments are likely valuable targets given their control over regional trade and commerce, including energy and critical minerals,” it notes. The information obtained may also be used to support China’s efforts to interfere with Canadian democratic institutions.

The report also warns that China’s cyber activities extend to suppressing activists, journalists, and diaspora communities. “The PRC government very likely leverages Chinese-owned technology platforms, some of which likely co-operate with the PRC’s intelligence and security services, to facilitate transnational repression,” it states, though the platforms are not named.

The Canadian Security Intelligence Service (CSIS) has previously cautioned against using TikTok. Former CSIS director David Vigneault told CBC that the app’s design makes it “very clear” that user data is “available to the government of China.”

CSE’s report also names Russia, Iran, North Korea, and India as cyber threats. Russian actors are “very likely targeting the Canadian government, military, private sector, and critical infrastructure networks,” it says.

The report highlights that as relations between Canada and India continue to decline, India will likely ramp up its cyber espionage efforts against Canadian networks. Tensions between the two countries have worsened in recent weeks following Canada’s accusations that India orchestrated violence on Canadian soil, including murders and extortion.

A 2021 report from the National Security and Intelligence Committee of Parliamentarians warned that gaps in Ottawa’s cyber defences left government agencies vulnerable to state-sponsored hackers. It found that smaller government entities, such as Crown corporations and departments with fewer than 500 staff or budgets under $300 million, had not adopted specialized cyber defence sensors.

The committee recommended that CSE’s cyber defence program be extended to cover all federal agencies, but CSE confirmed this has not yet happened. Xavier declined to specify whether any of the compromised agencies identified in the report are among those without CSE’s sensors.

“Yeah, we’re not going to comment on that,” she said.