Cyber-Attack on Global Affairs Canada
Cyber-criminals have attacked the federal government entity responsible for Canada’s diplomatic and global relations.
Global Affairs Canada was hit on Wednesday – one day before the Canadian Centre for Cyber Security issued a cyber-threat bulletin urging critical infrastructure operators to strengthen their defenses against known Russian-based cyber-threat activity.
“The Canadian Centre for Cyber Security encourages the Canadian cybersecurity community – especially critical infrastructure network defenders – to bolster their awareness of and protection against Russian state-sponsored cyber threats,” stated the bulletin.
Confirmation of the attack came on Monday via the Treasury Board of Canada, which said that “mitigation actions were taken” in response to the incident.
The digital assault left some diplomats without access to certain online services, according to news source The Star.
Canada’s federal government has not said who it believes is responsible for the attack.
In a statement to ABC News, the Treasury Board said: “We are constantly reviewing measures to protect Canadians and our critical infrastructure from electronic threats, hacking, and cyber espionage. We encourage all government and non-government partners to use cyber security best practices.”
The attack came as the United States Department of Homeland Security warned that the US response to a possible Russian invasion of Ukraine could make the US a target of cyber-attacks by the Russian government and its proxies.
A DHS Intelligence and Analysis bulletin sent to law enforcement agencies around the country and viewed by ABC News said: “We assess that Russia would consider initiating a cyber-attack against the Homeland if it perceived a US or NATO response to a possible Russian invasion of Ukraine threatened its long-term national security.”
Commenting on the bulletin, Tim Erlin, VP of strategy as Tripwire said: “The cybersecurity industry has gotten used to tossing around the idea of ‘nation-state’ adversaries, but I think we’ve yet to see cyber-attacks used in concert with a full-fledged military campaign.
“DHS’s warning sets that expectation that something has changed in the threat profile and that organizations should be prepared for a change in the types of attacks they see.”
Erlin warned that simply issuing an alert “doesn’t magically remove the obstacles that are preventing organizations from implementing solid security controls.”
More Stories
Crooks Bypassed Google’s Email Verification to Create Workspace Accounts, Access 3rd-Party Services
Google says it recently fixed an authentication weakness that allowed crooks to circumvent the email verification required to create a Google...
Friday Squid Blogging: Sunscreen from Squid Pigments
They’re better for the environment. Blog moderation policy. Read More
Compromising the Secure Boot Process
This isn’t good: On Thursday, researchers from security firm Binarly revealed that Secure Boot is completely compromised on more than...
Synnovis Restores Systems After Cyber-Attack, But Blood Shortages Remain
Synnovis has rebuilt “substantial parts” of its systems following the Qilin ransomware attack on June 3, enabling the restoration of...
Hacktivists Claim Leak of CrowdStrike Threat Intelligence
CrowdStrike has acknowledged the claims by the USDoD hacktivist group, which has provided a link to download the alleged threat...
CrowdStrike Falcon Outage Exploited for Social Engineering
Cyber threat actors are exploiting the CrowdStrike Falcon outage to conduct social engineering attacks. Here's what the CIS CTI team...