Chinese state-backed hackers breached 20 Canadian government networks over four years, agency warns
Chinese government-backed hackers have compromised at least 20 Canadian government networks over the last four years, Canada’s top cyber agency said Wednesday.
Calling the threat from China in cyberspace “second to none,” the Canadian Centre for Cyber Security (CCCS) said Beijing’s operations “serve high-level political and commercial objectives, including espionage, IP theft, malign influence, and transnational repression.”
Summarized in its National Cyber Threat Assessment 2025-2026, a biennial report intended to warn the public of threats and to guide cybersecurity strategy, the CCCS said Canadian critical infrastructure, industry — including the research and development sector — and government agencies have all been targeted by Chinese actors.
“Provincial and territorial governments are likely a valuable target given that they have decision-making power over regional trade and commerce, including resource extraction (e.g., energy and critical minerals),” the agency said.
Of particular concern to the Canadian government is attempts to conduct espionage on the country’s “innovation ecosystem,” including academic research, government-connected research and development and the private sector.
As “economic tensions rise” between Canada and China, they said, so too will the intensity of espionage activities around the innovation sector.
Just last week, the CCCS warned that over the last few months a Chinese threat actor has been conducting reconnaissance scans against a range of Canadian networks, including those belonging to political parties, the parliament and civil society organizations. The agency didn’t detect compromise but warned the scanning was likely an attempt to discover vulnerabilities. Canada’s next nationwide election is expected in October 2025.
In one high-profile incident cited in the report, in 2021 two Canadian members of the Inter-Parliamentary Alliance on China were targeted for reconnaissance by the state-sponsored APT31 hacking group. The details of that case only emerged when the Department of Justice unsealed indictments against seven people allegedly linked to the group.
Surveillance abroad
State-sponsored hackers are also “very likely” to be supporting China’s efforts to silence and surveil the diaspora and civil society abroad, including through the use of spearphishing emails and spyware against the Uyghur minority group in Canada and elsewhere.
Other targets of such espionage include Falun Gong supporters, Taiwanese independence supporters and Tibetan pro-democracy activists.
“In addition to fulfilling PRC intelligence collection priorities, the information collected is also likely used to support the PRC’s malign influence and interference activities against Canada’s democratic processes and institutions,” the CCCS said.
While critical infrastructure attacks are less likely in Canada as they are in the United States, the agency said, officials are wary of impacts from across the border.
“While the focus of future PRC cyber warfare operations will likely be concentrated on the U.S., disruptive or destructive cyber threat activity against integrated North American critical infrastructure, such as pipelines, power grids, and rail lines, would likely affect Canada as well due to cross-border interoperability and interdependence,” they said.
The agency also highlighted Russian, Iranian and North Korean state-sponsored activity — an echo of intelligence assessments from across the Western political spectrum.
More unusually, it singled out India as entering the global cyber-espionage arena, a likely reflection of souring diplomatic relations between Canada and the government of Prime Minister Narendra Modi.
This month, Canada expelled six Indian diplomats after an investigation into the murder of a Sikh separatist on Canadian soil determined that Indian government agents were involved in threatening South Asians living in the country and using what Prime Minister Justin Trudeau called “clandestine information-gathering techniques.”
In its report, the cyber agency assessed that India aspires “to build a modernized cyber program with domestic cyber capabilities” and that it likely uses it for national interests abroad.
“We assess that Indian state-sponsored cyber threat actors likely conduct cyber threat activity against Government of Canada networks for the purpose of espionage,” they said.
“We judge that official bilateral relations between Canada and India will very likely drive Indian state-sponsored cyber threat activity against Canada.”
James Reddick
has worked as a journalist around the world, including in Lebanon and in Cambodia, where he was Deputy Managing Editor of The Phnom Penh Post. He is also a radio and podcast producer for outlets like Snap Judgment.