Canadian Organizations Targeted by Chinese State-Sponsored Scanning
The Canadian Centre for Cyber Security (Cyber Centre) has issued a warning to Canadian organizations, urging them to strengthen their defenses against an ongoing campaign of reconnaissance scanning attributed to a sophisticated state-sponsored threat actor from the People’s Republic of China. This activity, while not an indication of compromise in itself, raises concerns due to its scale and the potential for future malicious actions.
“While we observe reconnaissance scanning on a near-constant basis, this widespread activity from a sophisticated threat actor against multiple organizations across multiple sectors is an opportunity to increase awareness of the potential threats facing Canadian organizations and share simple steps everyone can take to protect against them,” the Cyber Centre stated.
These scans, which have been ongoing throughout 2024, have targeted a wide range of organizations, including:
- Government of Canada departments and agencies
- Federal political parties
- The House of Commons and Senate
- Critical infrastructure
- The defense sector
- Media organizations
- Think tanks and NGOs
The Cyber Centre emphasizes that reconnaissance scanning is a preliminary stage of cyber activity, akin to “someone walking around a building to see if there is an alarm or security camera, or trying the windows and doors to see which ones are unlocked.” In other words, the scanning gathers information and identifies potential vulnerabilities for future exploitation.
To mitigate this threat, the Cyber Centre recommends organizations follow cybersecurity best practices, including:
- Implementing multi-factor authentication
- Increasing logging to detect suspicious activity
- Educating employees about phishing and online scams
- Keeping operating systems and applications updated to patch known vulnerabilities
“Threat actors often take advantage of unpatched systems,” the Cyber Centre warns. “Organizations can protect themselves by ensuring they have updated their operating systems and applications to protect against all known vulnerabilities.”