Canada's CSE hacked drug traffickers, extremists, and ransomware gang in 2025
Original: Canadian spy agency says it hacked drug traffickers, extremists and a ransomware gang last year
Why This Matters
Rare public disclosure of offensive cyber operations highlights growing government action against ransomware and criminal networks.
Canada's Communications Security Establishment (CSE) disclosed in its annual report that it conducted three state-authorized offensive cyber operations in 2025, targeting fentanyl brokers, a violent extremist group, and a ransomware-as-a-service gang threatening Canadian infrastructure.
Canada's spy agency, the Communications Security Establishment (CSE), revealed in its latest annual report that it carried out three foreign 'active cyber operations' in 2025 — a rare public disclosure of offensive intelligence activities.
The first operation targeted overseas cybercriminals brokering the sale of fentanyl precursor chemicals. After collecting intelligence, CSE 'disrupted and diminished their ability to operate.'
The second operation focused on an overseas extremist group spreading violent ideology and recruiting members inside Canada. CSE analyzed the group's structure and vulnerabilities, then executed an operation that 'successfully undermined the group's credibility and limited their ability to radicalize and recruit new members.'
The third targeted a ransomware-as-a-service operation that had attacked Canada's healthcare, transportation, and business sectors. CSE 'rendered the group's infrastructure inoperable' and deleted much of the data on its servers. The agency also conducted concurrent 'technical disruptions' against 10 of the most significant ransomware gangs targeting Canada to make parts of their infrastructure unusable.
The report did not identify the specific locations or names of the targeted groups, nor the technical methods used. CSE is mandated to collect foreign intelligence, defend government systems, and disrupt online adversaries.