DMR News

Advancing Digital Conversations

Canada’s Cyber Spy Agency Says It Disrupted Ransomware, Fentanyl and Extremist Networks

ByJolyen

Jul 7, 2026

Canada’s Cyber Spy Agency Says It Disrupted Ransomware, Fentanyl and Extremist Networks

Canada’s Communications Security Establishment said it carried out state-authorized cyber operations last year against foreign drug traffickers, violent extremists and ransomware criminals. The disclosures appeared in the agency’s 2025-2026 annual report, offering a rare public look at how Canada’s signals intelligence agency uses hacking tools to disrupt overseas threats.

CSE is responsible for foreign signals intelligence, cyber security and foreign cyber operations. Its report covers work carried out from April 1, 2025, to March 31, 2026, including operations designed to protect Canadian institutions, critical infrastructure and public safety.

The agency said it received 13 ministerial authorizations during the year, including four related to foreign cyber operations. Under Canadian law, these operations cannot target Canadians anywhere in the world or anyone located in Canada.

CSE Targeted Fentanyl Supply Networks

One operation targeted foreign-based cybercriminals who were brokering the purchase and sale of precursor chemicals used to make synthetic opioids such as fentanyl. CSE said it collected foreign intelligence on the brokers before conducting authorized active cyber operations that disrupted and weakened their ability to operate.

The agency said the work supported law enforcement and Canada’s broader effort to reduce the harm caused by fentanyl and other illicit drugs. It also said it worked with the RCMP, FINTRAC, the Canada Border Services Agency, CSIS and Public Safety Canada through a joint intelligence cell focused on transnational crime and border security.

A second active operation targeted a foreign extremist group that was spreading violent ideology and trying to recruit people in Western countries, including Canada. CSE said its signals intelligence teams studied the group’s network, reach and vulnerabilities before launching an operation that undermined its credibility and limited its ability to recruit new members.

Ransomware Infrastructure Was Disabled

CSE also said it disrupted a ransomware-as-a-service group responsible for more than 25 incidents affecting Canada’s transportation, healthcare, pharmaceutical and business sectors. Working with Five Eyes partners and law enforcement, the agency said it made the group’s infrastructure inoperable and deleted a large amount of stolen data advertised for sale on the dark web.

The agency also took concurrent action against 10 of the most significant ransomware groups causing harm to Canada and its allies. It said those technical disruptions made parts of their infrastructure unusable.

CSE reported one defensive cyber operation during the year. That operation targeted a phishing campaign aimed at Canadian federal institutions and other designated systems of importance, disrupting the threat actor’s infrastructure and reducing its ability to target Canadians.

The agency did not identify the locations of the groups it targeted or provide technical details about the operations. Such information is usually withheld because intelligence agencies try to avoid revealing methods that adversaries could use to adapt.


Featured image credits: Magnific.com
For more stories like it, click the +Follow button at the top of this page to follow us.

Jolyen

As a news editor, I bring stories to life through clear, impactful, and authentic writing. I believe every brand has something worth sharing. My job is to make sure it’s heard. With an eye for detail and a heart for storytelling, I shape messages that truly connect.

Leave a Reply

Your email address will not be published. Required fields are marked *