Canada’s spy agency reveals it hacked drug traffickers, extremists, and a ransomware gang in 2024

Canada’s Communications Security Establishment (CSE) has publicly disclosed that it carried out a series of state-authorized cyberattacks last year, targeting fentanyl brokers, a violent extremist group, and a ransomware operation. The agency shared the details in its annual report, offering an unusually candid look at how one of Canada’s most secretive intelligence bodies actually operates.

According to TechCrunch, the CSE conducted three foreign “active cyber operations” in 2024, a term the agency uses for offensive hacking actions aimed at threats to Canadian national security and public safety. A fourth operation was defensive, targeting a phishing campaign directed at federal government systems.

This kind of public disclosure is rare. Spy agencies routinely conduct offensive cyber operations but almost never confirm them, let alone describe the results. The CSE’s willingness to put these actions in writing signals a deliberate choice to build public awareness around the threats Canada faces, and the tools being used to fight them.

Each of the three offensive operations took on a different type of threat. Here is what the report says happened:

  • Fentanyl brokers: The CSE collected intelligence on overseas criminals who were brokering the sale of chemicals used to make synthetic opioids. It then ran an operation that “disrupted and diminished their ability to operate.”
  • Violent extremists: The agency tracked an overseas group spreading extremist ideology and recruiting members, including in Canada. The operation “successfully undermined the group’s credibility and limited their ability to radicalize and recruit new members.”
  • Ransomware gang: The CSE identified a ransomware-as-a-service operation targeting Canadian healthcare, transportation, and business sectors. Its cyber operation “rendered the group’s infrastructure inoperable” and deleted much of the data on the gang’s servers.

Beyond those three targeted operations, the CSE also said it carried out concurrent technical disruptions against 10 of the most significant ransomware groups targeting Canada, making parts of their infrastructure unusable. That is a notable scope of activity for a single year and suggests the agency is treating ransomware not as an isolated criminal problem but as an ongoing national security issue.

The report did not name the groups involved or specify where they were located. It also gave no technical detail about how the operations were carried out. That is standard practice. Even when agencies choose to acknowledge offensive operations, they protect the methods behind them.

Canada is not alone in this approach. The U.S. Cyber Command, based in Fort Meade, Maryland, has been running what it calls “hunt forward” operations since 2018, sending cyber teams to allied nations to defend networks and disrupt adversaries. Those operations have grown from a handful in 2018 to more than two dozen in 2025, reflecting how much offensive cyber activity has expanded across Western governments over the past decade.

What makes the CSE’s report worth paying attention to is the mix of threats it covers. Ransomware gangs and fentanyl networks are not the typical targets people associate with a signals intelligence agency. But the CSE’s mandate includes defending public safety, and the report makes clear that the agency sees drug trafficking networks and extremist recruiters as legitimate targets for the same tools it uses against state-backed hackers.

The defensive operation is also significant. The CSE said it disrupted infrastructure being used in a phishing campaign against Canadian federal institutions, and “degraded” the attackers’ ability to go after Canadian targets. No further details were given, but it confirms the agency is also actively working to protect government networks, not just conducting operations abroad.

For the public, the annual report is one of the only windows into what the CSE actually does. These disclosures, limited as they are, help build accountability around a powerful agency that operates largely out of sight.