At least 20 Canadian government networks have been compromised by Chinese state-sponsored threat actors, who have maintained access over the past four years to steal valuable data.
The Canadian Centre for Cyber Security (Cyber Centre) confirmed the compromises in its National Cyber Threat Assessment 2025-2026.
The Cyber Centre noted that the threat actors targeted information to advance Chinese Communist Party (CCP) strategic, economic and diplomatic interests, and provide them an advantage in China-Canada bilateral relations and commercial matters.
In addition to espionage, the data gathered is likely used to support the People’s Republic of China’s (PRC) malign influence and interference activities against Canada’s democratic processes and institutions.
It is believed the attackers dedicated significant time and resources to learn about the target networks.
All known federal government compromises have been resolved, the Cyber Centre confirmed.
The report described the PRC as the “most sophisticated and active cyber threat to Canada”.
It highlighted espionage attacks against Canada’s private sector, academia, supply chains, and government-affiliated research and development (R&D).
The federal government said it is very likely that PRC threat actors have stolen commercially sensitive data from Canadian firms and institutions.
The Cyber Centre has also observed Chinese-state sponsored hackers targeting individuals, particularly politicians, activists, journalists and diaspora communities the PRC views as security threats.
Tactics used against such individuals include spear phishing and spyware to monitor and harass these individuals online.
India Accused of Plotting Attacks Against Canada
Alongside rising state-sponsored attacks by China, Russia, Iran and North Korea, the report identified India as an emerging cyber-threat to Canada.
The Cyber Centre assessed that growing geopolitical tensions between Canada and India will drive Indian state-sponsored attacks against Canadian government networks.
These tensions include allegations that the Indian government is using cyber technology to target Sikh separatists based in Canada.
“India’s leadership almost certainly aspires to build a modernized cyber program with domestic cyber capabilities. India very likely uses its cyber program to advance its national security imperatives, including espionage, counterterrorism, and the country’s efforts to promote its global status and counter narratives against India and the Indian government,” the report said.
It is believed that India’s cyber program likely leverages commercial cyber vendors to enhance its operations.
Increase in Volume and Severity of Attacks
In a report foreword, Canada’s Minister of National Defence, Bill Blair, described a “sharp increase” in both the number and severity of cyber incidents in Canada over the past two years, many of which target essential services.
The report highlighted how state-sponsored cyber operations against Canada extend beyond espionage to disruptive attacks, including denying service, deleting or leaking data, and manipulating industrial control systems.
Similarly to the US, state actors are “pre-positioning” themselves in critical infrastructure networks in Canada for possible disruptive or destructive cyber operations.
“We assess that our adversaries very likely consider civilian critical infrastructure to be a legitimate target for cyber sabotage in the event of a military conflict,” the Cyber Centre wrote.
Read now: CISA Warns Critical Infrastructure Leaders of Volt Typhoon