Canadian Hacktivists Target Water and Energy Infrastructure

Canadian Centre for Cyber Security Warns of Critical Infrastructure Breaches

A recent advisory from the Canadian Centre for Cyber Security has highlighted the alarming trend of hacktivists infiltrating critical infrastructure systems in Canada. These breaches have enabled the unauthorized manipulation of industrial controls, posing significant risks to public safety.

The advisory underscores the urgent need for enhanced cybersecurity measures to defend against malicious attacks targeting internet-exposed Industrial Control Systems (ICS). The incidents reported serve as a stark reminder of the vulnerabilities within essential facilities that could be exploited by cyber adversaries.

According to the alert, hacktivists have recently targeted key infrastructure sites, including a water treatment facility, an oil & gas company, and an agricultural facility. The tampering with critical systems at these locations resulted in disruptions, false alarms, and potential hazards that could have endangered lives.

One particularly concerning incident involved the manipulation of water pressure values at a water facility, leading to a degradation in service quality for the local community. Similarly, an oil and gas company fell victim to an attack that triggered false alarms by tampering with an Automated Tank Gauge (ATG).

Authorities believe that these attacks were not meticulously planned but rather opportunistic in nature, intended to create chaos, instill fear, and erode trust in governmental institutions. The goal of hacktivists is to sow discord and generate a sense of insecurity within society, often collaborating with advanced persistent threats (APTs) to amplify their impact.

Recent reports from the U.S. government have also highlighted the nefarious activities of foreign hacktivists targeting industrial systems. A Russian group known as TwoNet was recently caught attempting to manipulate settings at a decoy plant, underscoring the global nature of cyber threats.

While the incidents in Canada did not result in catastrophic consequences, they serve as a stark reminder of the vulnerabilities present in ICS components such as PLCs, SCADA systems, HMIs, and industrial IoT devices. The heightened risk posed by poorly protected systems necessitates immediate action to bolster cybersecurity defenses.

In response to the escalating hacktivist activity, Canadian authorities have recommended several proactive measures:

• Conduct a comprehensive inventory and assessment of all internet-accessible ICS devices, and minimize direct internet exposure where feasible.
• Implement VPNs with two-factor authentication, intrusion prevention systems (IPS), vulnerability management practices, and regular penetration testing.
• Adhere to guidance provided by vendors and the Cyber Security Centre, including the Cyber Security Readiness Goals (CRGs).
• Report any suspicious activity through My Cyber Portal or contact@cyber.gc.ca, and collaborate with local law enforcement for coordinated investigations.

While ICS malware is not commonly associated with hacktivist threats, it is essential to keep firmware updated for all ICS components to mitigate potential security vulnerabilities that could be exploited for malicious purposes.

Picus Blue Report 2025 Reveals Alarming Trends in Cybersecurity

Recent findings from the Picus Blue Report 2025 indicate a concerning rise in password cracking incidents, with 46% of environments experiencing breaches, nearly double the previous year’s figure of 25%.

For detailed insights on prevention strategies, detection mechanisms, and data exfiltration trends, access the Picus Blue Report 2025 today.

Get the Blue Report 2025