Physical Address
304 North Cardinal St.
Dorchester Center, MA 02124
Physical Address
304 North Cardinal St.
Dorchester Center, MA 02124

In offering a rare glimpse into the priorities of a major spy organization, Canada’s Communications Security Corporation said it conducted a number of state-authorized intrusions last year in order to disrupt the operations of drug traffickers, violent extremists and ransomware gangs.
Disclosures in Annual report of the Canadian Intelligence Agency Highlighting some of the major national security threats facing Canada and its closest allies: from the importation of illicit drugs to cyberattacks. The spy agency, CSE, is charged with collecting foreign intelligence, defending government systems, and disrupting adversaries online.
Last year, CSE conducted three foreign “active cyber operations” — the term the agency uses to describe its cyberattacks on foreign operations that threaten Canadian national security and public safety, says the report published last week.
One operation, according to the report, targeted cybercriminals outside Canada who were brokering the sale of chemicals used to manufacture the synthetic opioid, fentanyl. The SEC gathered intelligence on the brokers, then conducted an operation that “disrupted and diminished their ability to operate,” the report said.
Another active operation involved collecting intelligence signals — data generated from electronics and internet-connected devices — about an extremist group abroad that was spreading a violent ideology and recruiting members, including in Canada.
The report said that the agency analyzed the group’s organization, extent of its spread, and potential weaknesses to conduct an operation that “succeeded in undermining the group’s credibility and reducing its ability to radicalize and recruit new members.”
Another involved disrupting a ransomware-as-a-service operation that allows hackers to rent access to a ransomware gang’s infrastructure to launch devastating extortion attacks. CSE said its signals intelligence unit identified how the gang operated against Canada’s healthcare, transportation and business sectors, then used an active cyber operation that “rendered the group’s infrastructure inoperable.” The operation also led to the deletion of a lot of data on the gang’s servers.
The agency said it conducted simultaneous “technical disruptions” against 10 of the top ransomware gangs targeting Canada “to render parts of their infrastructure unusable.”
The report did not mention the whereabouts of the hackers, extremists, or ransomware gang, or details of the operations CSE used to target them. It is not uncommon for spy agencies to launch cyberattacks against their adversaries, but such operations are rarely disclosed or detailed to protect the methods and techniques used.
Cyber Command at Fort Meade, Maryland, which conducts cyber operations for the US government, regularly conducts “forward hunt” operations that involve sending cyber teams to allied nations to secure their networks and disrupt adversaries’ cyber operations. The number of US-led manhunts rose from a handful during 2018 to More than twenty during 2025.
Canada’s CSE said it also conducted one defensive cyber operation during the year to target a phishing campaign that targeted Canadian federal government institutions and other critical systems. The agency said it disrupted the group’s infrastructure and “weakened its ability” to target Canadians.
When you make a purchase through the links in our articles, We may earn a small commission. This does not affect our editorial independence.