Canada’s Communications Security Establishment (CSE) disclosed that it carried out three state-authorized foreign active cyber operations against an overseas ransomware-as-a-service gang, fentanyl-linked chemical traffickers, and a violent extremist organization. According to the agency’s annual reporting, the ransomware operation rendered parts of the gang’s infrastructure inoperable and deleted a large volume of stolen data that had been advertised for sale on the dark web, while the operation against chemical brokers disrupted activity tied to precursor sales used in fentanyl production.
CSE also said its operation against the extremist group used data from internet-connected devices to undermine the group’s credibility and reduce its ability to recruit and radicalize people in Western countries, including Canada. Separately, the agency reported technical disruptions against 10 significant ransomware gangs targeting Canadian healthcare, transportation, and business sectors, as well as a defensive cyber operation that disrupted a phishing campaign aimed at Canadian federal institutions and other critical systems.

Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
7 events from the most recent confirmed update back to the earliest known activity.
On 2026-07-06, reporting on CSE’s annual report revealed the agency’s previously undisclosed 2025 cyber operations against criminal and extremist targets. The disclosure included details on active operations and broader ransomware disruptions.
CSE also reported a separate defensive cyber operation against a phishing campaign aimed at Canadian federal institutions and other important systems. The references describe this as an additional operation disclosed in the agency’s annual reporting.
CSE reported that it carried out authorized technical disruptions against 10 significant ransomware gangs in 2025. The agency said these actions made parts of the gangs’ infrastructure unusable.
In 2025, CSE targeted an unspecified ransomware-as-a-service gang affecting Canadian healthcare, transportation, and business sectors. The agency said it rendered the gang’s infrastructure inoperable and deleted a large amount of stolen data from its servers.
CSE said a 2025 operation targeted an extremist group involved in recruiting and spreading violent ideology. Using data from internet-connected devices, the agency said it reduced the group’s credibility and its ability to radicalize and recruit in Western countries, including Canada.
One of CSE’s 2025 active cyber operations targeted overseas brokers selling chemicals used to make fentanyl. The agency said the operation disrupted and diminished the traffickers’ activity.
Canada’s Communications Security Establishment said it carried out three state-authorized foreign active cyber operations in 2025. The operations targeted fentanyl-linked chemical traffickers, a violent extremist group, and a ransomware-as-a-service operation.
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
6 references tracked. Mallory keeps watching after this page renders.
risky.biz
Open sourcecyberveille.ch
Open sourcescworld.com
Open sourcetechcrunch.com
Open sourcetherecord.media
Open sourcecse-cst.gc.ca
Open sourceMap indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.