Hack of provincial Canadian government suspected to be ‘state-sponsored’

State-sponsored hackers are believed to be behind the “sophisticated cybersecurity incidents” affecting government networks in British Columbia, Canada’s westernmost province.

Shannon Salter, the province’s deputy premier, told journalists on Friday that the threat actor had made three attempts to compromise government systems.

Her statement follows the premier, David Eby, announcing the cyberattacks last week. At the time, Eby stressed there was currently no evidence that sensitive information had been compromised.

The first of the three cyberattacks took place on April 10. The second occurred on April 29, and was followed by a notice to staff to change their passwords — described as a routine security measure. The third attack was spotted on May 6.

According to Salter, the Canadian Centre for Cyber Security recommended not announcing the second incident too early as it could alert other threat actors to a vulnerability affecting government networks.

The nature of these incidents has not been disclosed, although the threat actors were described as attempting to cover up their tracks, something suggesting “a state actor or a state-sponsored actor” according to Mike Farnworth, the province’s public safety minister and solicitor general.

Salter told journalists that Microsoft’s Detection and Response Team (DART) was assisting with the incident response. She declined to answer whether the incident was related to a breach of a Microsoft product.

The deputy premier said experts were analyzing 40 terabytes of data as part of the ongoing investigation into the incident.

It follows the Canadian Security Intelligence Service (CSIS) last week publishing an annual report including a warning about persistent Chinese interference in Canadian political affairs.

“Canada’s strong democratic institutions, advanced economy, innovative research sectors, and leading academic institutions make Canada an attractive target for cyber-enabled espionage, sabotage, and foreign influenced activities, all of which pose significant threats to Canada’s national security,” the report stated.

Chinese state-sponsored threat actors were cited in the report which warned these groups “continue widespread cyber espionage against a range of sectors and targets within Canada, including government, academic institutions, private industry and civil society organizations.”

The CSIS also identified India, citing “the deterioration in the bilateral relations” between the countries following the potentially Indian state-sponsored assassination of Sikh separatist Hardeep Singh Nijjar, which took place in British Columbia in 2023 — the same province as these three cyberattacks.

However the report stated that to-date CSIS had observed only “low-sophistication cyber operations against Canada by India-aligned non-state cyber actors. There is no indication that the Government of India was responsible for these cyber incidents.”