Network Security
Vulnerability Management
Privileged Access Management
Endpoint Security
Threat Hunting
Unified Endpoint Management
Email & Collaboration Security
Contents:
The Government of Canada’s Department of Foreign Affairs and Trade is responsible for the country’s diplomatic and consular relations, foreign trade, and the oversight of international development and humanitarian aid programs.
What Happened?
Following an attack on Global Affairs Canada (GAC) systems last week, the organization experienced service disruption.
The incident occurred last week, according to a statement released by the Treasury Board of Canada Secretariat (TBS), Shared Services Canada, and the Communications Security Establishment (CSE).
The attack was spotted on January 19th, after which mitigating measures were implemented.
Critical services for Canadians through Global Affairs Canada are currently functioning. Some access to Internet and internet-based services are not currently available as part of the mitigation measures and work is underway to restore them.
At this time, there is no indication that any other government departments have been impacted by this incident.
Furthermore, although key services are still accessible via Global Affairs’ online systems, “some access to the internet and internet-based services” is not available while mitigating measures have been implemented and systems are being restored, according to the Canadian government.
No evidence has been found that any other government agencies were harmed by the attack, according to the federal government.
There are systems and tools in place to monitor, detect, and investigate potential threats, and to take active measures to address and neutralize them when they occur.
As reported by BleepingComputer, official sources have not yet revealed what was the cause of the attack or who are the threat actors behind it, as the investigation continues.
It’s interesting to note that the attack came soon after the Canadian Centre for Cyber Security issued an advisory regarding Russian state-sponsored cyber threats.
The Canadian Centre for Cyber Security encourages the Canadian cybersecurity community—especially critical infrastructure network defenders—to bolster their awareness of and protection against Russian state-sponsored cyber threats. The Cyber Centre joins our partners in the US and the UK in recommending proactive network monitoring and mitigations.
Canada’s Cyber Centre, part of the Communications Security Establishment, is aware of foreign cyber threat activities, including by Russian-backed actors, to target Canadian critical infrastructure network operators, their operational and information technology (OT/IT). The advisory issued by our US partners usefully highlights vulnerabilities known to have been exploited by Russian cyber threat actors, as well as information about their tactics, techniques and procedures (TTPs).
While the identity of the threat actors responsible for the incident has not yet been exposed, this is not the first time that attackers have been successful in their attempts to compromise Canadian government networks.
If you liked this article, follow us on LinkedIn, Twitter, Facebook, Youtube, and Instagram for more cybersecurity news and topics.
Dora is a digital marketing specialist within Heimdal™ Security. She is a content creator at heart - always curious about technology and passionate about finding out everything there is to know about cybersecurity.
