Hacktivists target Canadian critical infrastructure, the Canadian Centre for Cyber Security (CCCS) warned, after multiple breaches where foreign actors accessed internet-exposed industrial control systems and changed operational values that could have caused unsafe conditions. The incidents were opportunistic, not sophisticated, and intended to trigger disruption and attract attention.

Hacktivists have breached several Canadian industrial systems, including water treatment, oil and gas, and agriculture facilities. While no major damage occurred, the attacks highlight the risk of exposed ICS devices. The Cyber Centre urges organizations to secure systems, remove internet exposure, use VPNs with 2FA, and keep firmware updated.

What Happened

• Water facility: Attackers changed water-pressure values, reducing service for the community.
• Oil and gas firm: An Automated Tank Gauge (ATG) was tampered with, triggering false alarms.
• Agriculture site: Temperature and humidity levels were altered in a grain-drying silo, creating unsafe conditions if not detected in time.

CCCS noted that these events expose vulnerabilities in poorly protected Industrial Control Systems (ICS) such as PLCs, SCADA, HMIs, and industrial IoT devices.

Not Canadian Hackers

Authorities clarified that these were foreign hacktivist groups, not Canadian actors. Their intent was to create fear and erode trust in institutions. The pattern matches similar activity seen in the United States, where a Russian-aligned group named TwoNet was caught attempting to manipulate a decoy industrial plant earlier this month.

How to Strengthen Protection

The Cyber Centre advises critical-infrastructure operators to:

• Identify and secure all internet-accessible ICS devices; remove unnecessary exposure.
• Use VPNs with two-factor authentication, intrusion-prevention systems (IPS), and vulnerability-management tools.
• Perform regular penetration testing.
• Follow vendor and CCCS guidance, including Cyber Security Readiness Goals (CRGs).
• Report incidents through My Cyber Portal or contact@cyber.gc.ca, and alert local authorities.
• Keep firmware and software updated to patch vulnerabilities and prevent persistent backdoors.

Why It Matters

These events prove that even basic opportunistic attacks can impact essential services. With increasing digital integration, protecting industrial systems is as crucial as safeguarding corporate networks.

FAQs

1. Are the attackers Canadian?
   No. The hacktivists are believed to be foreign actors, possibly linked to politically motivated or pro-Russian groups.
2. What sectors were affected?
   Water treatment, oil and gas, and agriculture facilities faced disruptions due to manipulated control systems.
3. Were there any major damages?
   No catastrophic damage occurred, but the tampering could have led to serious safety risks.
4. Why target Canada?
   Hacktivists often seek publicity and aim to shake public trust in governments. Canada’s growing digital infrastructure makes it an attractive target.
5. How can organizations protect themselves?
   Secure ICS devices, limit internet exposure, enable strong authentication, update firmware, and report suspicious activity immediately.