Canadian intelligence agency reports it infiltrated drug smugglers, extremists, and a ransomware group last year.

Canadian intelligence agency reports it infiltrated drug smugglers, extremists, and a ransomware group last year.

Providing a unique insight into the focus areas of a leading intelligence agency, Canada’s Communications Security Establishment revealed that it executed several state-sanctioned hacks last year aimed at disrupting the activities of drug dealers, violent extremists, and a ransomware group.

The revelations in the Canadian intelligence agency’s yearly report highlight some of the primary national security challenges confronting Canada and its allies: from the trafficking of illegal substances to cyber threats. The agency, CSE, is responsible for gathering foreign intelligence, safeguarding governmental systems, and countering online threats.

Released last week, the report indicates that the CSE performed three foreign “active cyber operations” last year — a term the agency employs to describe its cyber offensives against external threats to Canadian national security and public safety.

One operation mentioned in the report targeted cybercriminals outside Canada involved in the trade of chemicals necessary for producing the synthetic opioid, fentanyl. The CSE gathered intelligence on these brokers and subsequently executed an operation that “disrupted and reduced their operational capabilities,” as stated in the report.

Another active operation focused on gathering signals intelligence — information generated by electronics and devices connected to the internet — pertaining to a foreign extremist organization that was disseminating violent ideologies and enlisting members, including in Canada.

The report detailed how the agency assessed the group’s structure, influence, and potential weaknesses to carry out an operation that “effectively undermined the group’s credibility and restricted their capacity to radicalize and recruit new followers.”

Another initiative aimed at dismantling a ransomware-as-a-service operation that allowed hackers to lease access to a ransomware group’s infrastructure for launching damaging extortion schemes. The CSE noted that its signals intelligence unit uncovered the gang’s methods of targeting the healthcare, transportation, and business sectors in Canada, then employed an active cyber operation that “rendered the group’s infrastructure inoperable.” This operation also eliminated much of the information stored on the gang’s servers.

The agency reported that it carried out simultaneous “technical disruptions” against 10 of the most significant ransomware groups threatening Canada to “render parts of their infrastructure unusable.”

The report did not specify the locations of the hackers, extremists, or ransomware group, nor the specifics of the operations employed by the CSE against them. While it is common for intelligence agencies to launch cyberattacks against adversaries, such operations are rarely disclosed or detailed to safeguard the tactics and strategies utilized.

Cyber Command, based in Fort Meade, Maryland, which conducts cyber operations for the U.S. government, frequently carries out “hunt forward” missions that involve deploying cyber teams to partner nations to secure their networks and disrupt adversarial cyber campaigns. The frequency of U.S.-led hunt forward operations has increased from a handful in 2018 to over two dozen by 2025.

Additionally, Canada’s CSE stated that it executed one defensive cyber operation over the past year aimed at a phishing campaign targeting Canadian federal government entities and other critical systems. The agency reported it thwarted the group’s infrastructure and “diminished their capacity” to target Canadians.

When you make purchases through links in our articles, we may receive a small commission. This does not influence our editorial freedom.

Leave a Reply