China Behind Recent Cyberattacks on Canada’s Telecom Companies: Canadian Security Agency and FBI Investigation

Udumbara Udumbara
Jun 25, 2025 - 10:03 Updated: Jun 24, 2025 - 15:15
0
China Behind Recent Cyberattacks on Canada’s Telecom Companies: Canadian Security Agency and FBI Investigation
.

Chinese state-linked cyber threat actors were responsible for recent attacks on Canadian telecommunications companies, according to Canada’s cybersecurity agency and the U.S. intelligence and security service. The incidents are part of a global cyber espionage campaign aimed at gathering intelligence data.

The Canadian Centre for Cyber Security and the FBI warned Canadians of the risks posed by state-sponsored cyber actors from the People’s Republic of China (PRC) in a bulletin published on June 19, following compromises of Canadian entities earlier this year by a PRC-linked cyber threat actor known as Salt Typhoon.

The agency says three network devices registered to a Canadian telecommunications company were compromised in mid-February, with actors exploiting system vulnerabilities to retrieve configuration files from all three devices, while modifying at least one of the files to enable traffic collection from the network.

“The Cyber Centre is aware of malicious cyber activities currently targeting Canadian telecommunications companies,” reads the bulletin. “The responsible actors are almost certainly PRC state-sponsored actors, specifically Salt Typhoon.”

The agency did not specify which telecommunications companies were impacted.

The agency estimates that PRC cyber actors “will almost certainly continue to target Canadian organizations as part of this espionage campaign, including telecommunications service providers and their clients, over the next two years.”

It advises Canadian organizations to take steps to monitor and mitigate these threats by hardening networks, improving device security, and consulting cyber threat information related to the Chinese regime.

PRC actors have previously compromised networks of major global telecommunications providers, the cyber centre noted, adding that telecom networks are “almost certainly” among the highest priority espionage targets for state-sponsored cyber threat actors, as they enable access to bulk customer data and information on high-value targets, such as government officials.

“This includes geolocating and tracking individuals, monitoring phone calls, and intercepting SMS messages,” the centre says.

It highlighted an incident in 2024 when partner investigations discovered that China-linked cyber threat actors had compromised major telecom networks, including U.S. wireless carriers, and stole customer call records data while collecting the private communications of specific individuals involved in political activity.

“PRC cyber threat actors frequently attempt to compromise trusted service providers, including telecommunications, managed service providers and cloud service providers, to access client information or networks indirectly,” reads the bulletin.

The cyber centre has identified the Chinese regime as the “most sophisticated and active” cyber threat to Canada. At least 20 networks associated with the government of Canada have been compromised by PRC cyber threat actors since 2020, the agency said in its National Cyber Threat Assessment 2025–2026, released on Oct. 30, 2024.

China’s cyber operations against Canada are aimed at advancing high-level political and commercial objectives, the assessment said, including espionage, intellectual property, theft, malign influence, and transnational repression. They also target Canadian government officials who are critical of the Chinese Communist Party.

A bulletin released by the cyber centre earlier this year concluded that the PRC targets all levels of government in Canada to access sensitive information on decision-making, regional affairs, and Canadians’ personal data.
.
Read More