Canadian Spy Agency Hacked Drug Traffickers, Extremists, and Ransomware Gang Last Year


Source: Zack Whittaker / techcrunch.com

Canadian Spy Agency Conducts State-Authorized Hacks to Disrupt Threats

Canada’s Communications Security Establishment (CSE) has provided a rare glimpse into its priorities, revealing that it conducted a handful of state-authorized hacks last year to disrupt the operations of drug traffickers, violent extremists, and a ransomware gang.

The disclosures in the CSE’s annual report underscore the main national security threats facing Canada and its closest allies, including the import of illegal drugs and cyberattacks.

The CSE, tasked with collecting foreign intelligence, defending government systems, and disrupting online adversaries, conducted three foreign ‘active cyber operations’ in 2023.

One of the operations targeted cybercriminals outside of Canada who were brokering the sale of chemicals used to create the synthetic opioid, fentanyl. The CSE collected intelligence on the brokers and conducted an operation that ‘disrupted and diminished their ability to operate,’ according to the report.

Another active operation involved the collection of signals intelligence on an overseas extremist group that was spreading violent ideology and recruiting members, including in Canada. The CSE analyzed the group’s organization, reach, and potential vulnerabilities to conduct an operation that ‘successfully undermined the group’s credibility and limited their ability to radicalize and recruit new members.’

Another operation involved disrupting a ransomware-as-a-service operation that allowed hackers to rent access to a ransomware gang’s infrastructure to launch destructive extortion attacks. The CSE said its signals intelligence unit identified how the gang worked against the healthcare, transportation, and business sectors in Canada, then used an active cyber operation that ‘rendered the group’s infrastructure inoperable.’ The operation also deleted much of the data on the gang’s servers.

The agency said it undertook concurrent ‘technical disruptions’ against 10 of the most significant ransomware gangs targeting Canada to ‘make parts of their infrastructure unusable.’

The report did not disclose the location of the hackers, extremists, or the ransomware gang, nor the specifics of the operations used to target them. This is not uncommon for spy agencies, which often conduct cyberattacks against adversaries but seldom disclose or detail the methods and techniques used.

The CSE also carried out one defensive cyber operation during the year to target a phishing campaign aimed at Canadian federal government institutions and other important systems. The agency said it disrupted the group’s infrastructure and ‘degraded their ability’ to target Canadians.

The report highlights the growing threat of cyberattacks and the importance of national security agencies like the CSE in protecting Canada’s interests.

The CSE’s actions demonstrate the agency’s commitment to disrupting threats to national security and public safety, and its willingness to take proactive measures to protect Canadians from harm.

In related news, the U.S. government’s Cyber Command has been conducting ‘hunt forward’ operations to secure allied nations’ networks and disrupt cyber operations launched by adversaries.

The number of U.S.-led hunt forward operations has risen from a few handful during 2018 to more than two dozen during 2025.