Canada targeted by same Chinese hackers the U.S., U.K. accuse of cyberespionage that hit millions
'No country is immune from the threat of cyber attacks,' said Public Safety Minister Dominic LeBlanc
Canada's electronic intelligence agency says the same hacking group that the U.K. and the U.S. have accused of a widespread cyberespionage campaign tied to Beijing has also targeted Canada.
U.S. and British officials on Monday imposed sanctions, filed charges and accused China's government of involvement in the cyberattacks that hit millions of people including lawmakers, journalists, academics and defence contractors.
Authorities on both sides of the Atlantic call the hacking group that is allegedly involved Advanced Persistent Threat 31 or APT31. The U.K. and U.S. allege that the group is an arm of China's Ministry of State Security.
The Communications Security Establishment (CSE) — the agency responsible for foreign signals intelligence, cyber operations and cyber security — confirmed that APT31 also targeted Canada.
"The Cyber Centre generally does not comment on specific cyber security incidents, however, we can confirm that we have seen malicious activity by this same threat actor targeting Canada," said CSE spokesperson Nayeli Sosa in a statement to CBC News.
CBC News asked CSE to disclose when Canada was targeted, how many people were hit and what the impact was. CSE responded Wednesday night.
"Unfortunately, we are unable to provide any additional details," the CSE said in a media statement.
"We can, however, assure Canadians that the Cyber Centre uses a variety of advanced capabilities to detect and mitigate malicious cyber activity on government networks, systems, and infrastructure.
"If we find malicious activity, we take action to stop it, such as directing our network sensors to block it automatically."
CSE said it then warns the government and critical infrastructure IT leaders by issuing confidential notices with "mitigation advice and guidance."
Canadian Public Safety Minister Dominic LeBlanc said Tuesday he was part of a Five Eyes meeting Monday night that included the U.S. secretary for Homeland Security and British home secretary. The Five Eyes is an intelligence sharing network made up of the U.S., the U.K., Canada, Australia and New Zealand.
LeBlanc said no country is immune to threats of cyberattacks.
"We continue to work as a group of Five Eyes countries in terms of building up the resilience for critical infrastructure," he said.
"China is certainly one of the threat actors in this area but they're not alone. There are other countries that are active in this spaces well."
LeBlanc said one of the best moves Canada can make is to "invest in the best cyber defence possible" and share what it has learned with its Five Eye allies.
CSE said the Canadian Centre for Cyber Security also publishes cyber alerts that detail ongoing threats when possible, but did not do so in this case.
CBC News asked Global Affairs Canada if it's considering sanctions in line with the UK and U.S. The department would only say on Thursday it's "judicious in its approach to imposing sanctions and committed to their effective and coordinated use when appropriate."
The aim of the global hacking operation was to "repress critics of the Chinese regime, compromise government institutions and steal trade secrets," Deputy U.S. Attorney General Lisa Monaco said in a statement.
The targets included U.S. senators, White House staffers, British parliamentarians and government officials who have criticized China's government, U.S. and U.K. officials said. Spouses of senior U.S. officials and lawmakers were also targeted, the officials said.
American officials said that the hackers' decade-plus spying spree compromised a variety of U.S. companies, including American steel, energy and apparel firms. Among the targets were leading providers of 5G mobile telephone equipment and wireless technology.
In an indictment unsealed on Monday against seven of the alleged Chinese hackers, U.S. prosecutors in court said the hacking resulted in the confirmed or potential compromise of work accounts, personal emails, online storage and telephone call records belonging to millions of Americans.
Britain and U.S. impose sanctions
Officials in London accused APT31 of hacking British lawmakers critical of China and said that a second group of Chinese spies was behind the hack of Britain's electoral watchdog that separately compromised the data of millions more people in the United Kingdom.
Chinese diplomats in Britain and the U.S. dismissed the allegations as unwarranted. The Chinese Embassy in London called the charges "completely fabricated and malicious slanders."
Both Britain and the U.S. imposed sanctions on a firm they said was a Ministry of State Security front company tied to the alleged malicious hacking.
The sanctions are on Wuhan Xiaoruizhi Science and Technology, as well as on two Chinese nationals, the U.S. Treasury Department said in a statement.
"Today's announcement exposes China's continuous and brash efforts to undermine our nation's cybersecurity and target Americans and our innovation," FBI Director Christopher Wray said in a statement.
An independent inquiry into foreign electoral interference in Ottawa resumes Tuesday.
The commission is investigating allegations China, Russia and other countries meddled in the past two federal elections and how information about foreign influence flowed within the government.
The commission will hear from diaspora community groups that say foreign actors have been preying on them.
With files from Reuters