Beijing-linked hackers are “very likely” finding their way into U.S. critical infrastructure networks to “pre-position” for a potential conflict with America, according to Canada’s cyber intelligence agency.
The Communications Security Establishment (CSE) said the People’s Republic of China (PRC) is likely integrating cyber operations into its military planning “to gain an advantage … in the event of a major crisis or conflict with the U.S.” The “pre-positioning” refers to gaining access to networks in order to exploit them if the need arises.
Because of Canada’s connection to critical infrastructure networks in the U.S. — such as the transportation, energy and telecommunications sectors — CSE warned in their annual cyber threat report that the alleged compromises are a threat to Canada, too.
“According to U.S. officials, the PRC’s operation is designed to slow the U.S. military’s response and to sow societal panic” in the event of conflict, the report suggested.
“While the focus of future PRC cyber warfare operations will likely be concentrated on the U.S., disruptive or destructive cyber threat activity against integrated North American critical infrastructure … would likely affect Canada as well due to cross-border interoperability and interdependence.”
Allegations that hostile nations are “pre-positioning” themselves in Canadian or allied computer networks are not new, and CSE has spoken publicly about the threat in the past.
But the stark language in the report — that a Beijing-linked hacking group known as “Volt Typhoon” is “almost certainly” already trying to break into U.S. networks as preparation for a potentially significant conflict between the two world superpowers — is striking in itself.
“Volt Typhoon is especially noteworthy because the PRC has not historically conducted disruptive or destructive cyber operations against critical infrastructure,” the report noted.
The report also revealed that over the past four years, 20 networks “associated” with Canadian government departments and agencies have been compromised by PRC-linked hacking groups.
The government of China remains the most “comprehensive” threat to Canadian networks, according to the CSE, and has mounted an “expansive and aggressive cyber program” that includes surveillance, espionage and “attack capabilities.”
“PRC state-sponsored cyber threat actors persistently conduct cyber espionage against federal, provincial, territorial, municipal, and Indigenous government networks in Canada,” the report read.
“PRC cyber threat actors have compromised and maintained access to multiple government networks over the past five years, collecting communications and other valuable information. While all known federal government compromises have been resolved, it is very likely that the actors responsible for these intrusions dedicated significant time and resources to learn about the target networks.”
India emerges as cyber threat
While China remains the biggest threat actor, according to Canadian intelligence, the Indian government did merit some attention in CSE’s 2024 report.
Canada-India relations have been strained in recent months after the assassination of Sikh independence activist and Canadian citizen Hardeep Singh Nijjar. Canadian intelligence officials and Prime Minister Justin Trudeau have suggested that they have information that Nijjar’s killing was connected to Indian government officials, including now-expelled diplomats who were operating in Canada.
But from CSE’s perspective, the Indian government’s ability to mount cyber attacks or exfiltrate information appears limited at this stage.
“India’s leadership almost certainly aspires to build a modernized cyber program with domestic cyber capabilities,” the CSE report reads, suggesting the agency does not believe the country currently has a “modern” cyber program.
“We assess that Indian state-sponsored cyber threat actors likely conduct cyber threat activity against Government of Canada networks for the purpose of espionage. We judge that official bilateral relations between Canada and India will very likely drive Indian state-sponsored cyber threat activity against Canada.”