Providing a uncommon glimpse on the priorities of a high spy group, Canada’s Communications Safety Institution (CSE) stated it carried out a handful of state-authorized hacks final 12 months with the intention to disrupt the operations of drug traffickers, violent extremists, and a ransomware gang.
The disclosures within the Canadian intelligence agency’s annual report underscore among the foremost nationwide safety threats that face Canada and its closest allies: starting from the import of unlawful medication to cyberattacks. The spy company, CSE, is tasked with accumulating international intelligence, defending authorities techniques, and disrupting on-line adversaries.
Printed final week, the report says the CSE final 12 months carried out three international “energetic cyber operations” — the time period the company makes use of to explain its cyberattacks on abroad operations that threaten Canadian nationwide safety and public security.
One of many operations, per the report, focused cybercriminals outdoors of Canada who had been brokering the sale of chemical substances used to create the artificial opioid fentanyl. The CSE collected intelligence on the brokers, then carried out an operation that “disrupted and diminished their potential to function,” the report stated.
One other energetic operation concerned the gathering of indicators intelligence — knowledge produced from electronics and internet-connected units — on an abroad extremist group that was spreading violent ideology and recruiting members, together with in Canada.
The report stated the company analyzed the group’s group, attain, and potential vulnerabilities to conduct an operation that “efficiently undermined the group’s credibility and restricted their potential to radicalize and recruit new members.”
One other operation concerned disrupting a ransomware-as-a-service operation that permit hackers hire entry to a ransomware gang’s infrastructure to launch harmful extortion assaults. The CSE stated its indicators intelligence unit recognized how the gang labored in opposition to the healthcare, transportation, and enterprise sectors in Canada, then used an energetic cyber operation that “rendered the group’s infrastructure inoperable.” The operation additionally deleted a lot of the information on the gang’s servers.
The company stated it undertook concurrent “technical disruptions” in opposition to 10 of probably the most vital ransomware gangs concentrating on Canada to “make elements of their infrastructure unusable.”
The report didn’t say the place the hackers, extremists, or the ransomware gang had been positioned, or the specifics of the operations that the CSE used to focus on them. It’s not unusual for spy businesses to conduct cyberattacks in opposition to their adversaries, however such operations are seldom disclosed or detailed to guard the strategies and strategies used.
Fort Meade, Maryland-based Cyber Command, which conducts cyber operations for the U.S. authorities, frequently carries out “hunt ahead” operations that contain sending cyber groups to allied nations to safe their networks and disrupt cyber operations launched by adversaries. The variety of U.S.-led hunt-forward operations have risen from a number of handful throughout 2018 to more than two dozen during 2025.
Canada’s CSE stated it additionally carried out one defensive cyber operation through the 12 months to focus on a phishing marketing campaign geared toward Canadian federal authorities establishments and different essential techniques. The company stated it disrupted the group’s infrastructure and “degraded their potential” to focus on Canadians.
While you buy by means of hyperlinks in our articles, we may earn a small commission. This doesn’t have an effect on our editorial independence.

