Canada’s CSE Conducted Three Active Cyber Operations Against Foreign Drug Traffickers, Extremists, Ransomware Gang
Image: Zamin.uz

Canada’s CSE Conducted Three Active Cyber Operations Against Foreign Drug Traffickers, Extremists, Ransomware Gang

06 July, 2026.Canada.4 sources

Key Takeaways

  • CSE conducted state-authorized hacks against three foreign groups: drug traffickers, violent extremists, ransomware gang.
  • Operations occurred in 2025, disclosed in CSE's annual report.
  • Agency publicly disclosed operations, unusual for intelligence agencies.

CSE Hacks Three Groups

Canada’s Communications Security Establishment (CSE) said in its annual report that it conducted three state-authorized “active cyber operations” in 2025 against foreign drug traffickers, violent extremists, and a ransomware-as-a-service gang.

The Canadian intelligence agency CSE offered an unusual look at its online offensive operations by revealing that last year it hacked networks linked to drug trafficking, violent extremism, and ransomware

DiarioBitcoinDiarioBitcoin

TechCrunch reported that one operation targeted cybercriminals outside of Canada who were brokering the sale of chemicals used to create the synthetic opioid fentanyl, and that the CSE collected intelligence on the brokers before acting.

Image from DiarioBitcoin
DiarioBitcoinDiarioBitcoin

The Record from Recorded Future News said the CSE’s report described one operation that used data pulled from devices connected to the internet to disrupt an unspecified foreign extremist group “spreading violent ideology and seeking to recruit in Western countries, including Canada.”

The Record added that the third operation used signals intelligence to map out the inner workings of an unspecified ransomware-as-a-service gang, and that the operation “rendered the group’s infrastructure inoperable and deleted a large amount of stolen data that was being advertised for sale on the dark web.”

Disruption, Credibility, Recruitment

TechCrunch said the CSE described an operation against an overseas extremist group that was spreading violent ideology and recruiting members, including in Canada, and that the agency analyzed the group’s organization, reach, and potential vulnerabilities.

In that same account, The Record from Recorded Future News said the CSE “successfully undermined the group’s credibility and limited their ability to radicalize and recruit new members,” framing the operation as a direct hit on recruitment capacity.

Image from TechCrunch
TechCrunchTechCrunch

TechCrunch reported that the ransomware-as-a-service operation involved disrupting a model that let hackers rent access to a ransomware gang’s infrastructure to launch destructive extortion attacks, and that the CSE said its signals intelligence unit identified how the gang worked against the healthcare, transportation, and business sectors in Canada.

The Record from Recorded Future News said CSE also carried out “authorized technical disruptions” against 10 major ransomware gangs to “make parts of their infrastructure unusable” last year, extending the disruption beyond the single gang described in the three operations.

Threats to Canada’s Systems

TechCrunch said the CSE’s annual report also described a defensive cyber operation during the year to target a phishing campaign aimed at Canadian federal government institutions and other important systems.

Canadian spy agency reports hacking three criminal groups in 2025 Canadian intelligence officials executed state-authorized hacks against a ransomware gang, drug dealers and violent extremists in 2025

The Record from Recorded Future NewsThe Record from Recorded Future News

The Record from Recorded Future News said the CSE’s report described its hack against a ransomware gang as an action that “disrupted and diminished” the traffickers, while also describing the extremist operation as using internet-connected device data to disrupt recruitment efforts.

DiarioBitcoin said the CSE’s disclosure confirmed “simultaneous technical disruptions against 10 of the most significant ransomware gangs that target Canada,” while also noting that the annual report did not detail locations or methods.

Across the coverage, TechCrunch emphasized that the report did not say where the hackers, extremists, or the ransomware gang were located, but it said the CSE’s disclosures underscore national security threats facing Canada and its closest allies, ranging from the import of illegal drugs to cyberattacks.

More on Canada