Ô! China Hacks Canada too, Says CCCS
2024-11-2 00:44:35 Author: securityboulevard.com(查看原文) 阅读量:3 收藏

Canadian “mounties” marching down the streetCanadian Centre for Cyber Security fingers Chinese state  sponsored  hackers.

Canada’s CISA equivalent calls China’s security threat “expansive and aggressive.” Beijing backed groups represent “the most sophisticated and active cyber threat to Canada,” having compromised 20 or more government networks in the past four years.

So says a report produced by the agency. In today’s SB  Blogwatch, we stand on guard for thee.

Your humble blogwatcher curated these bloggy bits for your entertainment. Not to mention:  Kanji.

Plus Brillants Exploits

What’s the craic, eh? James Reddick reports: Chinese state-backed hackers breached 20 Canadian government networks over four years

Silence and surveil
Calling the threat from China in cyberspace “second to none,” … CCCS said Beijing’s operations “serve high-level political and commercial objectives, including espionage, IP theft, malign influence, and transnational repression.” [Its report] said Canadian critical infrastructure, industry … and government agencies have all been targeted by Chinese actors.

CCCS warned that over the last few months a Chinese threat actor has been conducting reconnaissance scans against a range of Canadian networks, including those belonging to political parties, the parliament and civil society organizations. [It] warned the scanning was likely an attempt to discover vulnerabilities.

State-sponsored hackers are also “very likely” to be supporting China’s efforts to silence and surveil the diaspora and civil society abroad, including through the use of spearphishing emails and spyware against the Uyghur minority group in Canada and elsewhere. Other targets … include Falun Gong supporters, Taiwanese independence supporters and Tibetan pro-democracy activists.

What did they do? James Coker has one highlight: Canadian Government Data Stolen By Chinese Hackers

Destructive cyber operations
At least 20 Canadian government networks have been compromised by Chinese state-sponsored threat actors, who have maintained access over the past four years to steal valuable data. … It is believed the attackers dedicated significant time and resources to learn about the target networks. … The report described the PRC as the “most sophisticated and active cyber threat to Canada.”

Canada’s Minister of National Defence, Bill Blair, described a “sharp increase” in both the number and severity of cyber incidents in Canada over the past two years, many of which target essential services. … Similarly to the US, state actors are “pre-positioning” themselves in critical infrastructure networks in Canada for possible disruptive or destructive cyber operations, [CCCS] wrote.

AWS

AWS Hub

Horse’s mouth? CCCS head, Rajiv Gupta: National Cyber Threat Assessment 2025-2026

Building a safer, more secure Canada
It’s hard to believe it’s already been two years since our last report. At first glance, it seems that the cyber threat environment hasn’t changed much. [But] state adversaries are getting bolder and more aggressive.

While our assessments describe trends that should concern anyone who reads about them, … I hope that it also encourages you to reflect on what you can do to contribute to our collective resilience. After all, we all have a role to play in building a safer, more secure Canada.

Very Canadian. u/consistantcanadian is consistently pedagogic:

Every hacking organization on the planet is scanning every machine, all the time. This is how modern day “hacking” works. There’s a bunch of known exploits and they scan till they find a machine that’s exposed.

If you run a website, even one you’ve never told anyone about, you can look at your logs and you will see requests for all kinds of random ****. That’s Russia/China/etc. “scanning your cyber security defenses.”

20 networks, though—is this surprising? This Anonymous Coward isn’t surprised:

Not surprising. If you pay taxes in Canada you likely know about how clunky and inefficient the government websites are. Not surprised at all if hackers got into gov networks. Wouldn’t be surprised … if insiders deliberately made it easier for outsiders to get in. Canadians tend to be very trusting and generally incapable of thinking anyone doesn’t have Canadian interests at heart.

O RLY? rgjnk, too, ponders an “inside job:”

Given the widely publicised links between various Canadian politicians and officials and certain countries, … it’s just as likely the attackers were let straight in through the front door as having broken in. Canada is a definite target and it’s also deeply compromised, and its Government from the top down seems to have little interest in fixing that.

Wait, what? Who has some context for us? Daniel Dorman does: Chinese agents are running Canada

Canadian democracy is in serious trouble. … Not only has China extensively interfered in Canadian institutions (particularly during the last federal election), but [also] Members of Parliament have willingly colluded with various foreign powers against Canada’s interests for personal benefit. The story grows stranger by the day.

China’s interference in Canada’s democratic process … include the creation of community organisations to interfere in specific electoral districts, the defrauding of a nomination election to install a pro-China candidate, and the practice of Chinese proxies skirting election finance laws by encouraging individuals to donate to a specific candidate with a promise they will be paid back.

Canadians risk of losing track of just how serious the threat is. … Canadian democracy is flatlining.

Although fluffernutter has a more prosaic critique:

Also there’s the fact that they regularly promote people to IT because they know spreadsheet macros and speak French.

Meanwhile, u/ShiftyGorillla ROTFLs:

Our cyber defenses are a group of university students doing a goodwill project 🤣

And Finally:

Japanese literal translations are … weird

Previously in And Finally


You have been reading SB Blogwatch by Richi Jennings. Richi curates the best bloggy bits, finest forums, and weirdest websites—so you don’t have to. Hate mail may be directed to  @RiCHi, @richij, @[email protected], @richi.bsky.social or [email protected]. Ask your doctor before reading. Your mileage may vary. Past performance is no guarantee of future results. Do not stare into laser with remaining eye. E&OE. 30.

Image sauce: Nic Amaya (via Unsplash; leveled and cropped)

Recent Articles By Author


文章来源: https://securityboulevard.com/2024/11/canada-china-cccs-richixbw/
如有侵权请联系:admin#unsafe.sh