The Communications Security Establishment (CSE), Canada’s spy agency, recently released its annual report, disclosing that it conducted several state-authorized hacks last year. These operations aimed to disrupt the operations of drug traffickers, violent extremists, and an international ransomware gang. This marks a rare public admission by a Western intelligence agency regarding its active overseas cyber offensive operations.
Detailed Developments
According to the CSE's 2025-2026 annual report published last week, the agency carried out three foreign "active cyber operations" targeting national security threats outside Canada. One of these operations targeted cybercriminals brokering chemicals used to manufacture fentanyl, a dangerous synthetic opioid. The CSE gathered intelligence and executed a disruption operation that significantly diminished the brokers' ability to operate.
Another active operation targeted an overseas violent extremist group that was spreading ideology and recruiting members within Canada. By collecting and analyzing signals intelligence, the CSE identified the group's vulnerabilities to conduct an operation that successfully undermined its credibility and limited its recruitment capabilities.
Technical & Technology Analysis
For the third operation, the CSE directly targeted a ransomware-as-a-service operation. This group rented out its infrastructure to hackers to launch extortion attacks against Canada’s healthcare, transportation, and business sectors. The CSE's signals intelligence unit identified how the gang worked and executed an active cyber operation that rendered the group's infrastructure inoperable, while also deleting most of the data on the gang's servers.
Additionally, the CSE noted that it undertook concurrent technical disruptions against 10 of the most significant ransomware gangs targeting Canada to render parts of their infrastructure unusable.
Expert Opinions & Insights
International intelligence agencies rarely disclose the details of their cyber operations to protect their proprietary technical methods and operational tools. However, the publication of the CSE report indicates a growing trend toward transparency to deter digital adversaries. Similar to the U.S. Cyber Command increasing its "hunt forward" operations in allied nations, Western countries are shifting from defensive postures to proactively disrupting threats at their source.
Impact & Future
In addition to active offensive operations abroad, the CSE also executed a defensive cyber operation to block a phishing campaign aimed at Canadian federal government institutions. These actions demonstrate that cyberspace has become an active battlefield where national security agencies utilize digital weaponry to protect domestic security and critical infrastructure from transboundary threats.