China-Backed Hackers Breach Telecom

China-backed hackers, identified as Salt Typhoon, have breached Canadian telecommunications infrastructure, raising significant concerns about national security and the integrity of critical systems. Attributing these attacks to a group linked to the Chinese government’s Ministry of State Security, Canadian cybersecurity officials, along with the U.S. FBI, have issued joint advisories regarding Salt Typhoon’s activities. In spite of Beijing’s official denial of involvement, the international backlash includes multiple U.S. sanctions against associated entities.

The infiltration compromised three network devices belonging to a Canadian telecommunications company, and investigations suggest that the attacks reach beyond telecom, potentially impacting several critical infrastructure sectors. The campaign has been ongoing for several years, indicating a long-term presence within government and communication networks, with targets that appear to span federal, provincial, and Indigenous government systems. The cyber threat is expected to persist over the next two years, particularly affecting telecom providers, and the Canadian Centre for Cyber Security continues to monitor malicious cyber activities targeting Canadian telecoms. As with the WebTPA breach that affected 2.4 million individuals, these attacks highlight critical weaknesses in real-time monitoring systems.

Consequently, significant surveillance interests have emerged, affecting domestic telecom providers, data centers, and the internet infrastructure supporting residential users. Experts indicate that the hackers utilized “lawful intercept” systems—typically used by providers to conduct government surveillance—to access voice and data communication metadata.

Furthermore, the attackers have achieved “sufficient access” to internet infrastructure, enhancing their monitoring capabilities within data centers. Although telecom carriers have publicly affirmed that the intrusions were removed, officials warn that Salt Typhoon may remain embedded within some systems, using sophisticated tradecraft consistent with state espionage operations aimed at prolonged access and in-depth network reconnaissance.

The implications of such continuing access to communication networks are grave, posing substantial espionage risks regarding sensitive governmental and private communications. This breach highlights the vulnerabilities inherent in Canada’s critical infrastructure, raising concerns about resilience against sophisticated foreign cyber threats.

The Canadian Centre for Cyber Security anticipates prolonged infiltration attempts over the next two years, solidifying fears about jeopardized national interests.
