Offering a rare glimpse into the priorities of a top spy agency, Canada’s Communications Security Establishment (CSE) said it conducted a handful of government-sanctioned hacks last year to disrupt the operations of drug traffickers, violent extremists and ransomware gangs.
The revelations in Annual Report of the Canadian Intelligence Service they highlight some of the major national security threats facing Canada and its closest allies: from the importation of illegal drugs to cyber attacks. The spy agency, CSE, is tasked with gathering foreign intelligence, defending government systems and disrupting online adversaries.
Released last week, the report says the CSE conducted three foreign “active cyber operations” last year — the term the agency uses to describe its cyberattacks on overseas businesses that threaten Canadian national security and public safety.
One of the operations, according to the report, targeted cybercriminals outside of Canada who brokered the sale of chemicals used to create the synthetic opioid fentanyl. The CSE collected information about the brokers and then conducted an operation that “disrupted and reduced their ability to operate,” the report said.
Another active operation involved the collection of signals intelligence – data generated by electronics and internet-connected devices – on an extremist group abroad that was spreading violent ideology and recruiting members, including in Canada.
The report said the agency analyzed the group’s organization, reach and potential vulnerabilities to carry out an operation that “successfully undermined the group’s credibility and limited its ability to radicalize and recruit new members.”
Another operation involved disrupting a ransomware-as-a-service operation that allowed hackers to rent access to a ransomware gang’s infrastructure to launch devastating extortion attacks. The CSE said its signals intelligence unit identified how the gang was working against the health, transportation and business sectors in Canada and then used an active cyber operation that “knocked out the group’s infrastructure.” The business also deleted much of the data on the gang’s servers.
The agency said it conducted simultaneous “technical disruptions” to 10 of the most prominent ransomware gangs targeting Canada to “render parts of their infrastructure useless.”
The report did not say where the hackers, extremists or ransomware gang were located, nor the details of the businesses the CSE used to target them. It is not unusual for spy agencies to conduct cyber attacks against their adversaries, but such operations are rarely disclosed or detailed to protect the methods and techniques used.
Maryland-based Fort Meade, which conducts cyber operations for the US government, regularly conducts “forward hunting” operations that involve sending cyber teams to allied nations to secure their networks and disrupt cyber operations launched by adversaries. The number of US-led hunting operations has grown from a handful in 2018 to more than two dozen in 2025.
Canada’s CSE said it also conducted a defensive cyber operation during the year to target a phishing campaign that targeted Canadian federal government institutions and other important systems. The agency said it disrupted the group’s infrastructure and “degraded their ability” to target Canadians.
When you purchase through links in our articles, we may earn a small commission. This does not affect our editorial independence.
