May 24, 2023 – Ottawa – Canadian Centre for Cyber Security  (part of the Communications Security Establishment (CSE)) are warning Canadians of a significant threat from a state-sponsored cyber threat  actor associated with the People’s Republic of China.

CSE has joined its Five Eyes partners – Australia, New Zealand, the United Kingdom and the United States – to issue an advisory with guidance to identify the threat and best practices that can be used to detect this actor’s activity.

The actor is targeting critical infrastructure  operators in the United States. The Cyber Centre has no reports of Canadian victims at this time. However, western economies are deeply interconnected. Much of our infrastructure is closely integrated and an attack on one can impact the other.

The warning is especially important because the actor is using a method that’s difficult to detect, known as living off the land. It takes advantage of built-in network administration tools to move through systems, so any action can look like normal activity.

The Cyber Centre is sharing detection  techniques and mitigation advice so that organizations can protect themselves. We urge critical infrastructure operators to read the technical alert.

Canadians can be assured that CSE works closely with Five Eyes and critical infrastructure partners to share information and help keep Canadians safe online.

As noted in the 2023-24 National Cyber Threat Assessment, the state-sponsored cyber programs of China, Russia, Iran, and North Korea pose the greatest strategic cyber threats to Canada. State-sponsored cyber threat activity against Canada is a constant, ongoing threat that is often a subset of larger, global campaigns undertaken by these states.

More information on this joint advisory (PDF).