Canada's CSE Conducts State-Sanctioned Cyber Operations Against Ransomware, Drug Traffickers, and Extremists
In a revealing new report, Canada's intelligence agency, the **Communications Security Establishment (CSE)**, has disclosed state-authorized cyber operations against foreign entities in 2025. These active cyber operations targeted a ransomware-as-a-service gang, international drug traffickers, and a violent extremist group, demonstrating an assertive stance in national security.
Canadian intelligence officials have executed a series of state-authorized hacks against foreign threat actors, according to a report released last week by the **Communications Security Establishment (CSE)**. The **CSE**, Canada's equivalent to the NSA, detailed three distinct "active cyber operations" conducted in 2025 aimed at protecting Canadian interests.
### Disrupting Violent Extremism
One significant operation leveraged data from internet-connected devices to target an unspecified foreign extremist group. This group was actively "spreading violent ideology and seeking to recruit in Western countries, including Canada."
The **CSE** reported successfully undermining the group's credibility and limiting its ability to radicalize and recruit new members, effectively blunting its outreach efforts.
### Combatting Fentanyl Trafficking Networks
Another critical operation focused on cybercriminals operating overseas who were facilitating the sale of chemicals used in the production of fentanyl. This powerful opioid continues to cause tens of thousands of deaths annually across North America.
The agency stated its cyber intervention "disrupted and diminished" the traffickers, impacting their ability to contribute to the deadly drug trade.
### Dismantling Ransomware-as-a-Service Infrastructure
In a third operation, the **CSE** utilized signals intelligence to map the internal workings of an unspecified ransomware-as-a-service (RaaS) gang. This action aimed to disrupt the malware operators' capacity to extort victims.
The operation successfully "rendered the groupβs infrastructure inoperable and deleted a large amount of stolen data that was being advertised for sale on the dark web," directly impacting the gang's financial and operational capabilities.
### Broader Ransomware Disruptions
Beyond these three detailed operations, the **CSE** also reported carrying out "authorized technical disruptions" against 10 major ransomware gangs throughout the past year. These actions were designed to "make parts of their infrastructure unusable," illustrating a sustained effort to counter the pervasive threat of ransomware.