CSE urges the Canadian cyber security community to be vigilant on two-year mark of Russia’s full-scale invasion of Ukraine

The Communications Security Establishment (CSE) is urging Canadian organizations to be vigilant and to bolster their protection against malicious cyber threats around the two-year mark of Russia’s full-scale invasion of Ukraine.

CSE’s Canadian Centre for Cyber Security (Cyber Centre) is specifically warning Canadian organizations and critical infrastructure operators to be prepared for the possible disruption and defacement of websites by cyber threat actors aligned with Russian interests. Additionally, the Cyber Centre is urging critical infrastructure operators to be aware that Internet-connected operational technology (OT) devices are discoverable and a potential target of Russia-aligned cyber activity. Activity could include the use of low-sophistication brute force access techniques (for example, T1110 of Mitre Att&ck) to abuse valid or default accounts on exposed OT devices.

In the past two years, the Cyber Centre has observed cyber activity from a range of actors related to Russia’s invasion of Ukraine, including activity in Canada. This has included malicious cyber activity directed at critical infrastructure networks as well as strategically timed distributed denial-of-service attacks (DDoS) against government and business websites. We have also observed and reported on the proliferation of a new category of ideologically motivated, pro-Russia non-state cyber groups that conduct malicious activity against Russia’s perceived enemies. These state-aligned actors are usually less sophisticated than state-sponsored groups and operate without oversight, leading to unpredictable actions and a higher tolerance for risk.

Recommended actions

The Cyber Centre continues to share valuable cyber threat information throughout the year with Canadian critical infrastructure and government partners via protected channels. We also actively monitor the cyber threat environment in Canada and globally. We encourage any Canadian organizations who believe they may have been targeted by cyber threat activity to contact the Cyber Centre at contact@cyber.gc.ca or 1-833-CYBER-88.

Report a problem on this page

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Please select all that apply:

Thank you for your help!

You will not receive a reply. For enquiries, please contact us.

Date modified: