CBC is reporting that attacks from IP addresses based in China have managed to successfully breach networks within the Finance and the Treasury Board of Canada, as well as Defence Research and Development Canada. The attack is the latest in a string of attacks aimed at high level government agencies.From the CBC:
An unprecedented cyberattack on the Canadian government also targeted Defence Research and Development Canada, making it the third key department compromised by hackers, CBC News has learned.
The attack, apparently from China, also gave foreign hackers access to highly classified federal information and also forced the Finance Department and Treasury Board - the federal government's two main economic nerve centres - off the internet.
So how did they get in?
The CBC reports that it was a standard spear-phishing attack, just as we've seen with the Aurora attacks against Google and many other high-profile companies in the U.S. According to the report, attackers gained access to systems by pretending to be federal executives. Under that pretense, they approached technical workers who provided the passwords needed to gain access to sensitive networks.
At the same time, reports indicate, the attackers sent staff members e-mails with attachments laced with malware designed to infiltrate systems further.
This is the latest in what has become a serial of attacks on Western interests that appear to be stemming from China. Including the Aurora attacks, attacks on the U.S. government, as well as recently reported attacks on energy firms.
For my security and technology observations throughout the day, find me on Twitter as @georgevhulme.