Canada’s National Research Council announced last week that it had been hacked by what Canadian CIO Corinne Charette called a “highly sophisticated Chinese state-sponsored actor.”
Canada’s National Research Council announced last week that it had been hacked by what Canadian CIO Corinne Charette called a “highly sophisticated Chinese state-sponsored actor.” Communications Security Establishment Canada discovered the attack and it seems that no other government organizations have been affected, but precautions are being taking to secure federal systems nonetheless.
The NRC’s computers operate outside the network used by the Canadian government as a whole, according to a statement released by Charette, but the council’s IT systems are being isolated in an effort to keep other agencies from being affected. According to a CTV report, NRC president John McDougall informed employees that “any information held in our systems, including employees’ personal information, may have been compromised.”
Areas of research the NRC is involved in include energy and mining industries, the aerospace sector and information and communication technology, as well as security and disruptive technologies. The latter is most likely what made the organization a target by cybercriminals. The NRC has said it making an effort to rebuild its IT infrastructure, which could take as long as a year according to a statement released by the council.
Hackers not only looking to steal
Jean-Philippe Vergne, an assistant professor at the Ivey School of Business who studies online piracy threats, said in an interview with the Toronto Star that state-sponsored cyberattacks serve two purposes. The first is to steal any sensitive information that may be available, and the second is to test the capabilities of other countries’ security systems. According to Vergne, these types of attacks are incredibly common.
“It’s just a decision on the side of government organizations to reveal when it’s happening and choose appropriate times to make it public,” said Vergne. “But it’s a daily thing.”
The recent attack on the NRC is not the first time the Canadian government has been targeted by malicious actors working for China. The Finance Department and Treasury Board were taken offline by the government after foreign hackers were able to gain access to highly sensitive information. That same attack also affected a civilian agency, Defense Research and Development Canada, that works in partnership with the Department of National Defense. DRDC assists the Canadian Forces with their scientific and technological needs, making them a high-profile target. It was later determined that both attacks were the work of Chinese actors.
The history of attacks on Canadian government systems highlights the need for security information and event management to monitor sensitive networks and identify malicious activity. Had the NRC’s systems been checked in real time, the breach may have been detected earlier or prevented altogether.