Global Affairs Canada is scrambling to recover after a multi-day network disruption that security and government sources describe as a “cyber attack.”
While neither Global Affairs nor Canada’s cyber security agency, the Communications Security Establishment, could immediately comment, sources tell Global News the government is concerned the attack was conducted by Russia or Russian-backed hackers.
“GAC has been the target of a cyber attack but it is not clear if the Russians, the alleged perpetrators, hacked into the system or were able to merely disrupt its service,” a national security source, who spoke on the condition they not be named, told Global News.
The Liberal government has been vocal in its support for Ukraine as Russia masses troops on the former Soviet state’s borders, with Ottawa announcing a $120 million loan to the Ukrainian government last week and re-committing Canadian soldiers to train Kyiv’s security forces.
The federal Treasury Board confirmed Global News’ reporting Monday afternoon, acknowledging GAC suffered a “cyber incident” that government and security agencies were still working to mitigate. According to the statement, the incident was detected on Jan. 19.
“Critical services for Canadians through Global Affairs Canada are currently functioning. Some access to internet and internet-based services are not currently available as part of the mitigation measures and work is underway to restore them,” the government statement read.
“At this time, there is no indication that any other government departments have been impacted by this incident.”
Treasury Board said the government would not comment on specific details “for operational reasons.”
Global Affairs has been at the forefront of Ottawa’s pressure campaign against another Russian incursion into Ukrainian territory, with Minister Mélanie Joly spending most of last week meeting with officials in Kyiv.
Late Wednesday evening, the CSE published an updated cyber threat bulletin warning Canadian organizations to bolster their defences.
“(The CSE) is aware of foreign cyber threat activities, including by Russian-backed actors, to target Canadian critical infrastructure network operators, their operational and information technology,” the bulletin read.
When asked if the bulletin was issued in response to a spike in observed cyber-attacks, including by Russian-backed actors, a spokesperson for CSE told Global News they could not discuss the matter for “operational security reasons.”
But the CSE said the bulletin was partially an attempt to “raise awareness and draw further attention to known Russian-backed cyber threat activity, including the tactics, techniques and procedures used to target operational and information technology.”
It’s unlikely that Global Affairs missed the memo. The department works closely with the CSE, given the agency’s mandate to collect foreign intelligence and launch cyber attacks against foreign adversaries.
The CSE’s warning also referenced its assessment, made in 2021, that foreign-backed hackers have made incursions into Canadian critical infrastructure, manufacturing, health and energy networks. The agency assessed it unlikely that foreign states would attempt to disrupt those critical sectors “in the absence of international hostilities.”
With more than 100,000 Russian troops massing on Ukraine’s border, and with diplomatic attempts to stave off an invasion faltering, international hostilities seem more probable than when the CSE initially made that warning.
Speaking to reporters Monday, Prime Minister Justin Trudeau said how the Canadian government can further assist Ukraine will be on the agenda as the Liberal cabinet begins a three-day retreat.
“We’re going to continue to be there to respond in ways that we can, to support Ukraine. This is something that matters deeply to us,” Trudeau said.