top of page

Canada’s Signals Agency Says It Carried Out Overseas Hacks To Disrupt Drug Brokers, Extremists And Ransomware Network

  • Writer: Andrej Botka
    Andrej Botka
  • 9 hours ago
  • 2 min read

Canada’s Communications Security Establishment disclosed that it mounted several government-approved cyber incursions last year to hobble the operations of intermediaries in the illicit fentanyl supply chain, an overseas extremist cell recruiting people here, and a ransomware-as-a-service operation that targeted Canadian institutions. The agency reported three offensive foreign cyber missions and one defensive intervention — meaning one-quarter of the publicly acknowledged actions focused on protecting domestic systems — as part of its mandate to collect foreign intelligence, defend government networks and interfere with online threats.


In one case, CSE said its teams tracked intermediaries arranging the sale of chemicals used to manufacture the synthetic opioid fentanyl. Analysts gathered electronic intelligence on the sellers and then took steps that reduced the brokers’ capacity to continue their trade, according to the report. The agency did not identify the countries involved or disclose the specific tools or techniques it used to disrupt the supply chain actors.


A second operation targeted an overseas group that was disseminating violent material and recruiting remotely, including people inside Canada. CSE’s signals collection mapped the organization’s structure, reach and potential fault lines, and technicians executed an operation that, the report said, damaged the group’s standing and curtailed its recruitment efforts. Officials gave no additional operational details, a common practice intended to protect methods and partnerships.


Another offensive mission focused on a ransomware-as-a-service model, in which operators rent access to a criminal infrastructure that enables broad extortion campaigns. CSE’s analysis identified how that service was deployed against Canadian hospitals, transit systems and businesses; subsequent intervention took major portions of the criminal infrastructure offline and removed significant datasets from servers linked to the operation. Separately, the agency said it carried out technical actions against 10 of the most disruptive extortion networks that have targeted Canada, making parts of those systems unusable.


The report offers few geographic specifics, reflecting the secrecy that typically surrounds state cyber activity. U.S. Cyber Command has been more forthcoming about similar forward operations, which it has increased from a handful around 2018 to roughly two dozen a year later, underscoring a broader allied trend toward offensive measures in cyberspace. Still, public disclosures remain limited to high-level summaries so as not to reveal sources, capabilities or international cooperation.


Cybersecurity experts said the CSE disclosures show Ottawa is prepared to use offensive cyber authority more visibly, but that transparency brings trade-offs. “Revealing that operations occurred without showing how they were done leaves important questions about oversight and legal review,” said a Toronto-based security researcher who asked not to be named. At the same time, defenders note that taking infrastructure used to mount attacks offline can translate into immediate benefits for hospitals, transit riders and companies that might otherwise face crippling disruptions.

 
 
 

Subscribe here to get our latest posts

© 2026 by The StartupsCentral. 

  • X
bottom of page