The Communications Security Establishment Canada (CSE) and its Canadian Centre for Cyber Security (Cyber Centre) are urging Canadian organizations to stay vigilant and strengthen their defences against malicious cyber threats as the four-year mark of Russia's full-scale invasion of Ukraine approaches.
Over the past four years, the Cyber Centre has observed pro-Russia cyber actors targeting countries, including Canada, that support Ukraine. These activities have affected government and military agencies, private and public sector organizations, and critical infrastructure networks in Canada. Russian cyber threat actors have also attempted to disrupt services to Canadians by targeting cloud-based platforms, supply chains, and Internet-facing systems, including through distributed denial of service (DDoS) attacks.
As we previously reported, we continue to see ideologically motivated, pro-Russia non-state cyber groups conducting malicious activity against perceived enemies. These groups are generally less sophisticated than state-sponsored actors but act independently, leading to unpredictability and a higher tolerance for risk.
Canadian organizations and critical infrastructure operators should remain vigilant to threats posed by cyber actors aligned with Russian interests and prepare for potential service disruptions, website defacement and increased ransomware activity. Operators of Internet-connected operational technology (OT) devices should remain alert, as these systems are easily discoverable and vulnerable to cyber threats.
We urge all Canadian organizations to implement appropriate measures now to defend against threats from Russian-aligned cyber actors.
Recommended actions
- Adopt the Cyber Centre's Cross-Sector Cyber Security Readiness Goals
- Follow the Cyber Centre's guidance on:
- Consult the Cyber Centre's top 10 security actions to protect Internet-connected networks and information with special attention to:
  - Consolidating, monitoring and defending Internet gateways
  - Segmenting information
  - Isolating web-facing applications
- Review joint guidance on:
- Consult the Cyber Centre's backgrounder on malicious cyber activity targeting Canadian critical infrastructure and security considerations for critical infrastructure, focusing on:
  - Isolating components, services and systems
  - Maintaining and testing offline backups
  - Developing an incident response plan
  - Monitoring IT and OT environments and enabling logging
- Take note of the Cyber Centre's alert on Internet-accessible industrial control systems abused by hacktivists
- Review perimeter network systems for signs of suspicious activity
- Report cyber incidents to the Cyber Centre
The Cyber Centre continues to share cyber threat information with Canadian critical infrastructure and government partners via protected channels throughout the year. We actively monitor the cyber threat environment in Canada and globally. Canadian organizations that believe they may have been targeted by cyber threat activity should contact the Cyber Centre by email at contact@cyber.gc.ca or by phone at 1-833-CYBER-88.