cross-posted from: https://scribe.disroot.org/post/4876841

Canada is confronting an expanding and complex cyber threat landscape with a growing cast of malicious and unpredictable state and non-state cyber threat actors, from cybercriminals to hacktivists, that are targeting our critical infrastructure and endangering our national security, the Canadian Centre for Cyber Security (Cyber Centre) says in its National Cyber Threat Assessment 2025-2026. The threat assessment is based on information available as of September 20, 2024.

Key judgements:

• Canada’s state adversaries are using cyber operations to disrupt and divide. State-sponsored cyber threat actors are almost certainly combining disruptive computer network attacks with online information campaigns to intimidate and shape public opinion. State-sponsored cyber threat actors are very likely targeting critical infrastructure networks in Canada and allied countries to pre-position for possible future disruptive or destructive cyber operations.
• The People’s Republic of China’s (PRC) expansive and aggressive cyber program presents the most sophisticated and active state cyber threat to Canada today. The PRC conducts cyber operations against Canadian interests to serve high-level political and commercial objectives, including espionage, intellectual property (IP) theft, malign influence, and transnational repression. Among our adversaries,** the PRC cyber program’s scale, tradecraft, and ambitions in cyberspace are second to none**.
• Russia’s cyber program furthers Moscow’s ambitions to confront and destabilize Canada and our allies. Canada is very likely a valuable espionage target for Russian state-sponsored cyber threat actors, including through supply chain compromises, given Canada’s membership in the North Atlantic Treaty Organization, support for Ukraine against Russian aggression, and presence in the Arctic. Pro-Russia non-state actors, some of which we assess likely have links to the Russian government, are targeting Canada in an attempt to influence our foreign policy.
• Iran uses its cyber program to coerce, harass, and repress its opponents, while managing escalation risks. Iran’s increasing willingness to conduct disruptive cyber attacks beyond the Middle East and its persistent efforts to track and monitor regime opponents through cyberspace present a growing cyber security challenge for Canada and our allies.
• The Cybercrime-as-a-Service (CaaS) business model is almost certainly contributing to the continued resilience of cybercrime in Canada and around the world. The CaaS ecosystem is underpinned by flourishing online marketplaces where specialized cyber threat actors sell stolen and leaked data and ready-to-use malicious tools to other cybercriminals. This has almost certainly enabled a growing number of actors with a range of capabilities and expertise to carry out cybercrime attacks and evade law enforcement detection.
• Ransomware is the top cybercrime threat facing Canada’s critical infrastructure. Ransomware directly disrupts critical infrastructure entities’ ability to deliver critical services, which can put the physical and emotional wellbeing of victims in jeopardy. In the next two years, ransomware actors will almost certainly escalate their extortion tactics and refine their capabilities to increase pressure on victims to pay ransoms and evade law enforcement detection.___