Canada cyber agency reports offensive hacks abroad
Annual CSE report cites fentanyl brokers extremists and ransomware, operational details remain undisclosed
Images
Zack Whittaker
techcrunch.com
Canada’s Communications Security Establishment carried out three state-authorized “active cyber operations” last year targeting drug traffickers, violent extremists and a ransomware operation, according to TechCrunch citing the agency’s annual report published last week. The report describes disruptions against foreign actors without naming the locations, groups or operational methods.
One operation targeted cybercriminals outside Canada who brokered the sale of chemicals used to make fentanyl. The CSE says it collected intelligence on the brokers and then disrupted their ability to operate. Another operation focused on an overseas extremist group spreading violent ideology and recruiting members, including in Canada; after mapping the group’s organization and vulnerabilities, the CSE says it worked to undermine the group’s credibility and limit recruitment.
A third operation targeted a ransomware-as-a-service setup that let criminals rent access to a gang’s infrastructure. The CSE says the gang had targeted sectors including healthcare, transportation and businesses in Canada, and that the operation rendered parts of its infrastructure inoperable and deleted much of the data on its servers. The report also says the agency ran concurrent technical disruptions against 10 of the most significant ransomware gangs targeting Canada, degrading parts of their infrastructure.
Alongside the offensive actions, the CSE reports one defensive cyber operation aimed at a phishing campaign targeting Canadian federal government institutions and other important systems, disrupting the group’s infrastructure to reduce its ability to target Canadians.
The report’s vagueness is part of the point: governments want the deterrent value of announcing capability without the accountability burden of describing targets, legal thresholds, collateral effects or how success is measured. TechCrunch notes the United States’ Cyber Command conducts comparable operations, including “hunt forward” missions, which have expanded from a handful in 2018 to more than two dozen in 2025.
Canada’s spy agency says it deleted data from criminal servers. The public record does not say whose systems were touched, or what was broken along the way.