Canada and Allies Identify China as Responsible for Cyber-Compromise

Cyber security is one of the most serious economic and national security challenges facing Canada and its allies. The Government of Canada, through the joint efforts of the Communications Security Establishment (CSE), its Canadian Centre for Cyber Security (Cyber Centre), and other departments and agencies, is working to create a safer and more secure cyber space for all.

Today, many of Canada’s allies and partners have made statements concerning the compromise of several Managed Service Providers. CSE also assesses that it is almost certain that actors likely associated with the People’s Republic of China (PRC) Ministry of State Security (MSS) are responsible for the compromise of several Managed Service Providers (MSP), beginning as early as 2016.

MSPs are an attractive, high-value target for threat actors. This is because MSPs typically have extensive access to multiple client networks in order to perform their job of IT specialist. The compromise of one MSP can affect multiple clients globally and provides a threat actor with access to multiple client systems and large amounts of sensitive data, leading to loss of proprietary information, disruption to business operations, financial loss, and potential harm to the affected organization’s reputation.

Upon detection of this cyber threat, CSE and the Canadian Cyber Incident Response Centre (CCIRC), which is now part of the Cyber Centre, reached out to MSPs in Canada to inform them of the threat and assist, as necessary. In early 2017, Canadian federal cyber security leads published guidance and advised Canadian industry partners on best practices for contracting with MSPs. That advice is still valid, and today the Cyber Centre is providing supplemental information in this Cyber Bulletin for both MSPs and clients of MSPs.

The government of Canada puts the safety and security of Canadians above all else and today’s attribution and new guidance published for MSPs is about ensuring Canadians and Canadian businesses are protected to the fullest extent possible. With this in mind, the Cyber Centre works as a single unified source of expert advice, guidance, and services and support on cyber security, and works closely with its partners in government, critical infrastructure, the private sector, and all Canadians to help defend Canadian networks against cyber threats like this one.

Cyber security remains a team effort, and the Cyber Centre always takes the opportunity to invite individual Canadians to read and follow our Top 10 IT Security Actions for important tips that will help protect against cyber threats. Canada will continue to work with its allies to address malicious cyber activity that undermines Canada’s national and economic security.