Canada's CSE Reveals State-Authorized Cyberattacks Against Drug Traffickers, Extremists, and Ransomware Gangs
نظرة سريعة
Canada's Communications Security Establishment (CSE) disclosed conducting three state-authorized foreign cyber operations last year, targeting fentanyl brokers, violent extremist recruiters, and a ransomware-as-a-service gang to disrupt their operations and protect national security.
ملخص مُنشأ بالذكاء الاصطناعي
لماذا يهم
Canada's Communications Security Establishment (CSE) released its annual report, detailing state-authorized cyber operations conducted last year to counter national security threats. These disclosures offer a rare look into the priorities and methods of a top spy organization.
Offering a rare glimpse at the priorities of a top spy organization, Canada’s Communications Security Establishment said it conducted a handful of state-authorized hacks last year in order to disrupt the operations of drug traffickers, violent extremists, and a ransomware gang.
The disclosures in the Canadian intelligence agency’s annual report underscore some of the main national security threats that face Canada and its closest allies: ranging from the import of illegal drugs to cyberattacks. The spy agency, CSE, is tasked with collecting foreign intelligence, defending government systems, and disrupting online adversaries.
Published last week, the report says the CSE last year carried out three foreign “active cyber operations” — the term agency uses to describe its cyberattacks on overseas operations that threaten Canadian national security and public safety.
One of the operations, per the report, targeted cybercriminals outside of Canada who were brokering the sale of chemicals used to create the synthetic opioid, fentanyl. The CSE collected intelligence on the brokers, then conducted an operation that “disrupted and diminished their ability to operate,” the report said.
Another active operation involved the collection of signals intelligence — data produced from electronics and internet-connected devices — on an overseas extremist group that was spreading violent ideology and recruiting members, including in Canada.
The report said the agency analyzed the group’s organization, reach, and potential vulnerabilities to conduct an operation that “successfully undermined the group’s credibility and limited their ability to radicalize and recruit new members.”
Another operation involved disrupting a ransomware-as-a-service operation that let hackers rent access to a ransomware gang’s infrastructure to launch destructive extortion attacks. The CSE said its signals intelligence unit identified how the gang worked against the healthcare, transportation, and business sectors in Canada, then used an active cyber operation that “rendered the group’s infrastructure inoperable.” The operation also deleted much of the data on the gang’s servers.
The agency said it undertook concurrent “technical disruptions” against 10 of the most significant ransomware gangs targeting Canada to “make parts of their infrastructure unusable.”
The report did not say where the hackers, extremists or the ransomware gang were located, or the specifics of the operations that the CSE used to target them. It’s not uncommon for spy agencies to conduct cyberattacks against their adversaries, but such operations are seldom disclosed or detailed to protect the methods and techniques used.
Fort Meade, Maryland-based Cyber Command, which conducts cyber operations for the U.S. government, regularly carries out “hunt forward” operations that involve sending cyber teams to allied nations to secure their networks and disrupt cyber operations launched by adversaries. The number of U.S.-led hunt forward operations have risen from a few handful during 2018 to more than two dozen during 2025.
Canada’s CSE said it also carried out one defensive cyber operation during the year to target a phishing campaign aimed at Canadian federal government institutions and other important systems. The agency said it disrupted the group’s infrastructure and “degraded their ability” to target Canadians.
أسئلة مفتوحة
- Specific locations of targets?
- Exact methods used in operations?
- Identities of the 10 ransomware gangs?






