Canadian spy agency says it hacked drug traffickers, extremists, and a ransomware gang last year

Canadian spy agency says it hacked drug traffickers, extremists, and a ransomware gang last year

加拿大情报机构称去年曾对毒贩、极端分子及勒索软件团伙实施黑客攻击

Offering a rare glimpse at the priorities of a top spy organization, Canada’s Communications Security Establishment (CSE) said it conducted a handful of state-authorized hacks last year in order to disrupt the operations of drug traffickers, violent extremists, and a ransomware gang. 加拿大通信安全局(CSE)罕见地披露了其作为顶级情报机构的工作重点,称去年曾执行过数次国家授权的黑客行动,旨在干扰毒贩、暴力极端分子以及一个勒索软件团伙的运作。

The disclosures in the Canadian intelligence agency’s annual report underscore some of the main national security threats that face Canada and its closest allies: ranging from the import of illegal drugs to cyberattacks. The spy agency, CSE, is tasked with collecting foreign intelligence, defending government systems, and disrupting online adversaries. 这份加拿大情报机构年度报告中的披露内容,凸显了加拿大及其最亲密盟友所面临的主要国家安全威胁,范围涵盖从非法毒品进口到网络攻击等多个方面。作为情报机构,CSE 的职责包括收集外国情报、防御政府系统以及干扰网络对手。

Published last week, the report says the CSE last year carried out three foreign “active cyber operations” — the term the agency uses to describe its cyberattacks on overseas operations that threaten Canadian national security and public safety. 该报告于上周发布,其中提到 CSE 去年执行了三次海外“主动网络行动”——这是该机构对其针对威胁加拿大国家安全和公共安全的海外行动所实施的网络攻击的称呼。

One of the operations, per the report, targeted cybercriminals outside of Canada who were brokering the sale of chemicals used to create the synthetic opioid fentanyl. The CSE collected intelligence on the brokers, then conducted an operation that “disrupted and diminished their ability to operate,” the report said. 据报告显示,其中一次行动针对的是加拿大境外的网络犯罪分子,这些人正在充当制造合成阿片类药物芬太尼所需化学品的销售中间人。CSE 在收集了这些中间人的情报后,实施了一次行动,报告称该行动“干扰并削弱了他们的运作能力”。

Another active operation involved the collection of signals intelligence — data produced from electronics and internet-connected devices — on an overseas extremist group that was spreading violent ideology and recruiting members, including in Canada. The report said the agency analyzed the group’s organization, reach, and potential vulnerabilities to conduct an operation that “successfully undermined the group’s credibility and limited their ability to radicalize and recruit new members.” 另一次主动行动涉及对一个海外极端组织进行信号情报收集(即从电子设备和联网设备中获取数据),该组织一直在传播暴力意识形态并招募成员,其中包括在加拿大境内招募。报告称,该机构分析了该组织的架构、影响范围及潜在弱点,从而实施了一次行动,该行动“成功破坏了该组织的信誉,并限制了其煽动激进思想和招募新成员的能力”。

Another operation involved disrupting a ransomware-as-a-service operation that let hackers rent access to a ransomware gang’s infrastructure to launch destructive extortion attacks. The CSE said its signals intelligence unit identified how the gang worked against the healthcare, transportation, and business sectors in Canada, then used an active cyber operation that “rendered the group’s infrastructure inoperable.” The operation also deleted much of the data on the gang’s servers. 另一次行动涉及干扰一项“勒索软件即服务”(RaaS)业务,该业务允许黑客租用勒索软件团伙的基础设施来发动破坏性的勒索攻击。CSE 表示,其信号情报部门查明了该团伙如何针对加拿大的医疗、交通和商业部门进行攻击,随后通过一次主动网络行动,“使该团伙的基础设施无法运作”。此次行动还删除了该团伙服务器上的大部分数据。

The agency said it undertook concurrent “technical disruptions” against 10 of the most significant ransomware gangs targeting Canada to “make parts of their infrastructure unusable.” The report did not say where the hackers, extremists, or the ransomware gang were located, or the specifics of the operations that the CSE used to target them. 该机构表示,它同时对 10 个针对加拿大的最主要勒索软件团伙实施了“技术干扰”,以“使其部分基础设施无法使用”。报告并未说明这些黑客、极端分子或勒索软件团伙的具体所在地,也未透露 CSE 用于针对他们的具体行动细节。

It’s not uncommon for spy agencies to conduct cyberattacks against their adversaries, but such operations are seldom disclosed or detailed to protect the methods and techniques used. 情报机构对对手实施网络攻击并不罕见,但为了保护所使用的方法和技术,此类行动很少被披露或详细说明。

Fort Meade, Maryland-based Cyber Command, which conducts cyber operations for the U.S. government, regularly carries out “hunt forward” operations that involve sending cyber teams to allied nations to secure their networks and disrupt cyber operations launched by adversaries. The number of U.S.-led hunt-forward operations have risen from a few handful during 2018 to more than two dozen during 2025. 总部位于马里兰州米德堡的美国网络司令部负责为美国政府执行网络行动,该司令部定期开展“前出狩猎”(hunt forward)行动,即派遣网络团队前往盟国,以保护其网络安全并干扰对手发起的网络行动。由美国主导的“前出狩猎”行动数量已从 2018 年的寥寥数次增加到 2025 年的二十多次。

Canada’s CSE said it also carried out one defensive cyber operation during the year to target a phishing campaign aimed at Canadian federal government institutions and other important systems. The agency said it disrupted the group’s infrastructure and “degraded their ability” to target Canadians. 加拿大 CSE 表示,今年还执行了一次防御性网络行动,旨在针对一起针对加拿大联邦政府机构及其他重要系统的网络钓鱼活动。该机构称,它干扰了该团伙的基础设施,并“削弱了他们”针对加拿大人的攻击能力。