Authored by Andrew Chen via The Epoch Times (emphasis ours),

Cyber threat actors from the People’s Republic of China (PRC) have been implicated in multiple breaches of networks associated with federal government agencies and departments, according to a report from the national cybersecurity agency.

“Over the past four years, at least 20 networks associated with Government of Canada agencies and departments have been compromised by PRC cyber threat actors,” said the National Cyber Threat Assessment 2025-2026, released Oct. 30 by the Canadian Centre for Cyber Security.

The centre identifies China as the top threat actor targeting Canada, noting that its cyber operations are “second to none” in scale, technique, and ambition. Beijing’s objectives include espionage, intellectual property theft, malign influence, and transnational repression, the centre says. 

While the report highlights China’s hacking of 20 federal government networks in the past four years, information elsewhere in the report shows that Chinese hackers have had access to multiple government networks longer than that. The report says that Chinese agents have compromised Canadian government networks over the past five years, collecting communications and other valuable information.

“While all known federal government compromises have been resolved, it is very likely that the actors responsible for these intrusions dedicated significant time and resources to learn about the target networks,” the report reads.

At a press conference on Oct. 30, Caroline Xavier, chief of the Canadian Communications Security Establishment (CSE), would not  comment on the details of the breaches, but said mitigation measures had been “effective.”

“The key message for us—when there are incidents that occur—is really being focused on ensuring [we] minimize the impact to the government department that may have been compromised. And that is exactly where our focus has been,” she told reporters. “We do feel that the measures were taken to be able to mitigate any of the risks, and to address the incidents in an effective manner.”

The cyber centre is hosted within CSE, Canada’s electronic spy agency, which is responsible for collecting signals intelligence and defending against cyberattacks.

China Targets

In addition to federal agencies, provincial and territorial governments are also seen as valuable targets for Beijing, the report said, noting that these governments hold decision-making power over regional trade and commerce, including the extraction of critical minerals and other natural resources.

Xavier said this targeting indicates Beijing is a “sophisticated, consistent, and persistent actor,” and that Canada needs to address the threat with a more comprehensive approach.

“We have work to do as a nation, to continue to work, in particular with the provinces, territories, indigenous communities, because we recognize that we’re all vulnerable, or we all could be vulnerable, and we really want to continue to raise Canada’s cyber resilience,” she said.

The cyber centre also echoed previous reports from various human rights groups, warning that Beijing’s transnational repression has primarily targeted five specific communities, referred to by the regime as the “five poisons.” These include Falun Gong practitioners, Uyghurs, Tibetans, supporters of Taiwanese independence, and pro-democracy activists.

“PRC actors very likely facilitate transnational repression by monitoring and harassing these groups online and tracking them using cyber surveillance,” the report said. “For example, the PRC has been publicly linked to cyber espionage operations against the Uyghur minority group, including members living in Canada, using spear phishing emails and spyware.”

Other Countries Named

Other state-backed threat actors highlighted in the cyber centre report include Russia, Iran, and India.

Russia’s cyber operations are characterized as “a multi-layered strategy” that combines conventional cyber espionage and computer network attacks with disinformation. Its primary goal is to enhance Russia’s global status while undermining democratic institutions in Canada and among its allies.

A specific case cited in the report involves a breach detected by Microsoft in January, where a Russian state-sponsored cyber threat actor known as Midnight Blizzard accessed the company’s cloud-based enterprise email service.

The group infiltrated correspondence between Microsoft and government officials in Canada, the United States, and the United Kingdom. Initially, the actors sought information about Russia itself, but later used personal data and credentials from the emails to gain access to Microsoft customer systems.

Meanwhile, the report said Iran has been expanding its cyberattacks to western countries amid its ongoing military conflict with Israel.

“Iran has taken advantage of its back-and-forth cyber confrontation with Israel to improve its cyber espionage and offensive cyber capabilities and hone its information campaigns, which it is now almost certainly deploying against targets in the West,” the report said.

During the press conference, Xavier also identified India as an “emerging threat” to Canada.

“India very likely uses its cyber program to advance its national security imperatives, including espionage, counterterrorism, and the country’s efforts to promote its global status and counter narratives against India and the Indian government,” the report said.

Citing her recent testimony before the foreign interference inquiry, Xavier noted India could potentially “flex those cyber threat actions against Canadians” amid ongoing diplomatic tensions.

Earlier this month, Canada expelled six Indian diplomats, prompting a reciprocal move by India, which also expelled six Canadian diplomats. This dispute arose after the RCMP announced its investigation into criminal activities allegedly involving “agents of the Government of India.” 

‘Ever-Present’ Threat

The Centre for Cyber Security says Canada has entered a new era in which cyber threats are “ever present.”

“Canadians will increasingly feel the impact of cyber incidents that have cascading and disruptive effects on their daily lives,” the report said.

The centre says the threat has expanded as Canadians increasingly rely on online platforms and digital technologies to go about their lives.

“These systems record and process vast amounts of data about us, often over poorly secured or untrustworthy digital networks,” it said.

Aside from the threats from hostile state actors, the centre notes that the cybercrime business model is “underpinned by flourishing online marketplaces” where leaked data is sold along with cyber tools for criminals.

Axios is reporting Thursday that Iran is still preparing a major retaliation in response to the Israeli aerial attack of the overnight and early morning hours of last Saturday. Israel’s strikes on missile and military facilities was itself a much anticipated response to the Oct.1st ballistic missile attack.

While most regional observers believe the tit-for-tat has cooled down, reflected in declining oil prices this week, the Axios report cites a pair of Israeli officials to say “Israeli intelligence suggests Iran is preparing to attack Israel from Iraqi territory in the coming days, possibly before the US presidential election.”

This would involve large numbers of drones and ballistic missiles, they say. Throughout the Gaza war, there have been sporadic drones launched by Iran-backed paramilitary units in Iraq, but nothing on a major scale.

Israeli sources on Thursday have suggested Iran is actually moving ballistic missiles to prepare for such an attack.

Also, Iranian Revolutionary Guard Corps (IRGC) commander Hossein Salami has been cited as saying that Iran’s response will be “different from any scenario” Israel might expect.

CNN too has been reporting the fresh threats, on Wednesday writing the following based on Iranian military sources:

Israel’s recent attacks on Iran will be met with a “definitive and painful” response that will likely come before the US presidential vote, a high-ranking source told CNN on Wednesday.

The remarks signal a departure from Iran’s initial attempts to downplay the severity of the strikes carried out by Israel on October 25, which marked the first time Israel has openly acknowledged striking Iranian targets.

“The response of the Islamic Republic of Iran to the aggression of the Zionist regime will be definitive and painful,” the source, who is familiar with Iran’s deliberations, said.

Although the source did not provide an exact date for the attack, they said it “will probably take place before the day of the US presidential election.”

Meanwhile, the Iraqi government is seething over Israeli warplanes violating its airspace during last weekend’s attack. It has lodged an official protest note with the United Nations about the illegal breach.

It appears the some one hundred Israeli jets reportedly used in the attack fired on Iran from over neighboring Iraqi airspace. Such a tactic has long been utilized by the Israeli Air Force in attacking Syria, as it typically fires from over undefended Lebanese airspace.

Currently US and Israeli negotiators say they are getting close to achieving a ceasefire with Hezbollah, but any new large-scale attack from the ‘Iranian axis’ would surely jeopardize such a potential deal.