The Canadian Centre for Cyber Security (CCCS) has confirmed that hacktivists have breached multiple critical infrastructure systems across the country, gaining access to industrial control systems (ICS) and manipulating operational settings in ways that could have led to dangerous conditions.
Multiple Incidents Across Water, Energy, and Agricultural Sectors
According to the CCCS alert, three separate incidents occurred in recent months. The first involved a water treatment facility, where attackers tampered with water pressure values, disrupting service for the local community. The second targeted a Canadian oil and gas company, where threat actors manipulated an Automated Tank Gauge (ATG), causing false alarms within the system.
The third incident occurred at a grain-drying silo on a Canadian farm, where intruders altered temperature and humidity levels, potentially creating unsafe operational conditions if not detected promptly.
“One incident affected a water facility, tampering with water pressure values and resulting in degraded service for its community,” stated the CCCS bulletin.
“Another involved a Canadian oil and gas company, where an Automated Tank Gauge (ATG) was manipulated, triggering false alarms.”
Motives and Broader Hacktivist Objectives
Canadian authorities believe these intrusions were opportunistic rather than coordinated or technically sophisticated. The intent appears to have been psychological and political — to attract attention, undermine public trust, and damage Canada’s reputation internationally.
Hacktivist campaigns often aim to sow public fear and create the perception of instability, sometimes aligning themselves with more capable Advanced Persistent Threat (APT) groups that leverage such incidents to advance geopolitical narratives.
Similar behavior has been observed in other nations. Earlier this month, the U.S. government reported that a Russian-affiliated group known as TwoNet attempted to manipulate operational settings in a controlled decoy facility, demonstrating that foreign-aligned hacktivists remain active in targeting ICS networks globally.
Technical Risks to Industrial Control Systems
While none of the Canadian incidents resulted in catastrophic outcomes, the CCCS warned that the attacks underscore a persistent national risk: insufficiently secured industrial components such as Programmable Logic Controllers (PLCs), Supervisory Control and Data Acquisition (SCADA) systems, Human-Machine Interfaces (HMIs), and industrial IoT devices.
Such systems, when left directly exposed to the internet, are highly susceptible to opportunistic exploitation. Even low-skill actors can cause operational disruptions if access controls, firmware updates, and monitoring systems are not properly maintained.
Defensive Measures Recommended by Authorities
In response to this rising threat activity, the CCCS urged operators of critical and industrial infrastructure to take immediate defensive actions, including:
- Conducting comprehensive inventories of all internet-accessible ICS assets and removing direct internet exposure where possible.
- Implementing VPN access with multi-factor authentication, intrusion prevention systems (IPS), and ongoing vulnerability management.
- Following vendor-specific hardening guides and the CCCS’s Cyber Security Readiness Goals (CRGs).
- Reporting all suspicious or anomalous activity through My Cyber Portal or via contact@cyber.gc.ca, and notifying law enforcement for coordinated investigations.
Although hacktivists typically rely on unsophisticated methods, the CCCS also recommended maintaining up-to-date firmware on all ICS components to prevent exploitation of known vulnerabilities or the installation of persistent malware backdoors.
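As an added illustration of the first recommendation above (not part of the CCCS alert or the original article), the following Python script audits a perimeter firewall rule export for allow rules that expose common ICS service ports to sources outside internal address space. The CSV column names, the addresses, and the choice of ports are constructed assumptions; adapt them to the actual export format and protocols in use.

```python
import csv
import io
import ipaddress

# Common default TCP ports for ICS services (well-known values, not from the alert).
ICS_PORTS = {
    102: "Siemens S7comm",
    502: "Modbus/TCP",
    10001: "Automated Tank Gauge (serial-to-TCP gateway)",
    20000: "DNP3",
    44818: "EtherNet/IP",
}
INTERNAL = [ipaddress.ip_network(n)
            for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample export; column names are hypothetical.
SAMPLE_RULES = """rule_id,action,src,dst,dst_port,comment
10,allow,0.0.0.0/0,203.0.113.10,443,public web
20,allow,0.0.0.0/0,203.0.113.20,502,plc port-forward
30,allow,198.51.100.0/24,203.0.113.21,10001,ATG vendor support
40,allow,10.8.0.0/16,10.20.0.5,44818,VPN pool to HMI
50,deny,0.0.0.0/0,203.0.113.22,20000,blocked
60,allow,0.0.0.0/0,203.0.113.23,10000-10010,tank telemetry
"""

def classify_source(cidr):
    """Return 'internal', 'any' or 'external-restricted' for a source CIDR."""
    net = ipaddress.ip_network(cidr, strict=False)
    if any(net.version == i.version and net.subnet_of(i) for i in INTERNAL):
        return "internal"
    return "any" if net.prefixlen == 0 else "external-restricted"

def audit(rules_csv):
    """List (rule_id, dst, port, service, exposure) for externally reachable ICS ports."""
    findings = []
    for row in csv.DictReader(io.StringIO(rules_csv)):
        exposure = classify_source(row["src"])
        if row["action"].lower() != "allow" or exposure == "internal":
            continue
        lo, _, hi = row["dst_port"].partition("-")  # single port or "lo-hi" range
        for port, service in sorted(ICS_PORTS.items()):
            if int(lo) <= port <= int(hi or lo):
                findings.append((int(row["rule_id"]), row["dst"], port, service, exposure))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_RULES):
        print(*finding, sep="  ")
```

Rules reported as `any` are candidates for removal; rules reported as `external-restricted` are candidates for moving behind VPN access with multi-factor authentication.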