The Canadian government said it is investigating a cyberattack on Global Affairs Canada (GAC) — its department for foreign and consular relations — that occurred on January 19.
The Treasury Board of Canada Secretariat (TBS), Shared Services Canada, and Communications Security Establishment said in a statement released Monday evening that they are working with GAC to address the incident.
“Critical services for Canadians through Global Affairs Canada are currently functioning. Some access to internet and internet-based services are not available as part of the mitigation measures and work is underway to restore them. There is no indication that any other departments have been impacted by this incident,” the federal agencies said.
“There are systems and tools in place to monitor, detect, and investigate potential threats, and to take active measures to address and neutralize them when they occur.”
Canadian news outlet CBC News said it obtained emails from Canadian missions abroad showing that some embassies were “experiencing electronic communications issues” and that email accounts were not working for hours.
The government statement said an investigation into the incident is ongoing and that they are not able to attribute the attack to any group or country.
“Our cyber defense and incident response teams work 24/7 to identify compromises and alert potential victims within the GC and Canadian critical infrastructure,” the agencies said.
CrowdStrike co-founder Dmitri Alperovitch appeared on Canadian TV on Tuesday and said Canadian sources told him it was not an “attack” because it was not destructive in nature.
“It could just be an intrusion that was designed for intelligence collection purposes to try and steal some information from Canadian networks. Certainly serious but not as serious as something that takes networks down, destroys data, destroys computers,” Alperovitch said.
The incident took place on the same day the Canadian Centre for Cyber Security sent out a bulletin to critical infrastructure operators warning them of the threats posed by Russian hackers. The warning mirrored one sent by US agencies, but experts were quick to downplay any connection between the two.
Emsisoft threat analyst Brett Callow told ZDNet that while the fact that the incident and the announcement occurred on the same day hints at a link, it would be a mistake to assume that’s actually the case.
“It could also be unnecessarily inflammatory, too. Coincidences can and do happen. At this point, it’s not clear whether the ‘cyber incident’ was indeed a ‘cyber attack’ or, if it was, who was responsible or what their objectives may have been,” Callow said.