An alarming report from the Canadian Centre for Cyber Security revealed that Chinese hackers lived undetected inside Canadian government systems for the better part of five years, committing numerous acts of cyber-espionage to give China the upper hand over Canada in economic and diplomatic conflicts.
The Cyber Centre, as Canada’s chief cybersecurity agency is commonly known, reported that state-sponsored hackers from the People’s Republic of China (PRC) “persistently conduct cyber espionage against federal, provincial, territorial, municipal, and Indigenous government networks in Canada.”
Many of these espionage campaigns fall into the category of “living off the land,” a designation created by cybersecurity experts to describe hacker attacks that do not immediately cause damage or reveal themselves through malicious activity. Instead, hackers insert malicious code into a targeted system that hides by performing useful functions or mimicking the behavior of legitimate software. This allows the hackers to lurk in a compromised network until they see data worth stealing – or receive orders from their superiors to unleash chaos.
According to the Centre’s “National Cyber Threat Assessment 2025-2026,” Chinese hackers lurking in Canada’s systems stole valuable information every time they saw an opportunity, especially in cutting-edge fields like quantum computing and aviation.
The hackers also took offensive action against Canadian government officials who criticized the Chinese Communist Party, particularly members of the Inter-Parliamentary Alliance on China (IPAC).
IPAC is a non-profit organization, founded in 2020, that includes parliamentary representatives from numerous countries besides Canada, including France, Japan, Germany, and the United States, whose members include congressional representatives from both parties.
Chinese state-sponsored hackers targeted IPAC with malware-laced emails, specifically images that sent information about the target’s computer system back to the hackers when the email recipient viewed them.
China also waged heavy cyber campaigns against the enemy groups it terms the “Five Poisons” — Falun Gong, Uyghurs, Tibetans, Taiwan, and pro-democracy activists. Information gathered against these groups by state hackers was used in “transnational repression” campaigns.
The report warned that the PRC “very likely leverages Chinese-owned technology platforms” – including ostensibly “private” businesses – to “facilitate transnational repression.”
The Cyber Centre expressed concerns that China’s efforts to “pre-position” cyber espionage assets inside United States critical infrastructure, to “gain an advantage during a potential conflict with the U.S.,” could spill over into Canada.
The report said:
While the focus of future PRC cyber warfare operations will likely be concentrated on the U.S., disruptive or destructive cyber threat activity against integrated North American critical infrastructure, such as pipelines, power grids, and rail lines, would likely affect Canada as well due to cross-border interoperability and interdependence.
The Cyber Center called out Russian and Iranian espionage campaigns, as well as “cybercrime as a service” and ransomware rackets, but considered China’s “expansive and aggressive cyber program” to be “the most sophisticated and active state cyber threat to Canada today.”
“We’re often asked, what keeps up at night? Well, pick the page,” said Caroline Xavier, chief of the Cyber Centre’s parent agency, the Communications Security Establishment (CSE).
At a press conference in Ottawa on Wednesday to roll out the report, Xavier was asked about progress on a recommendation made over two years ago to extend CSE’s protective cybersecurity services to all federal entities, including very small offices.
“Yeah, we’re not going to comment on that,” she replied.
The Chinese embassy in Ottawa was “not immediately available for comment” on the Canadian cybersecurity report when it was contacted by Reuters on Wednesday.
