Canadian telecommunications infrastructure has fallen victim to a sophisticated cyberattack coordinated by Salt Typhoon, a hacking group with established ties to the Chinese government, according to joint assessments released by the Canadian Centre for Cyber Security and the Federal Bureau of Investigation. The breach compromised at least three network devices registered to a Canadian company, marking another notable escalation in state-sponsored cyber warfare targeting Western infrastructure.
Security agencies confirmed that the People’s Republic of China bears responsibility for the attack, in spite of Beijing’s repeated denials of involvement. The incident forms part of a broader Chinese campaign against Western infrastructure, with indicators suggesting Salt Typhoon operations extend far beyond the telecommunications sector into critical infrastructure and government systems.
The attackers employed advanced reconnaissance and exploitation techniques to identify vulnerable telecom network devices, conducting preliminary scans against Canadian networks before executing the breach. These reconnaissance activities targeted political, parliamentary, and civil society organizations, sometimes coinciding with major national events such as elections. The breach could cost organizations upwards of 4.35 million dollars in damages and recovery efforts.
Salt Typhoon conducted systematic reconnaissance against Canadian political and civil society targets, timing attacks around critical national events including elections.
Intelligence agencies warn that Salt Typhoon is expected to maintain and intensify operations against Canadian organizations, particularly telecom providers, over the next two years. Security experts emphasize the need for Canadian organizations to strengthen network defenses in response to the persistent threat landscape. Organizations across various sectors must engage in collaborative threat intelligence sharing to effectively counter these evolving cyber threats.
The scope of Chinese cyber infiltration extends considerably beyond this single incident. Security assessments indicate that a minimum of 20 Canadian government networks have been compromised by Chinese state-backed groups over four years, resulting in the theft of sensitive government data and valuable intellectual property.
Espionage activities have focused on Canada’s innovation ecosystem, including academic research and commercial development, supporting Chinese Communist Party strategic interests. Stolen data encompasses information relating to regional trade, natural resources, and governmental decision-making processes, potentially impacting Canada-China bilateral relations and commercial negotiations.
Past incidents attributed to Chinese advanced persistent threat groups have particularly targeted high-profile political figures and organizations, maintaining persistent access for years to facilitate continuous data exfiltration.
In response, Canadian cybersecurity authorities issued urgent bulletins demanding immediate network hardening across the telecom sector. The National Cyber Threat Assessment 2025-2026 explicitly identifies China as Canada’s leading cyber adversary, whereas the United States has enacted sanctions against Chinese companies and the Ministry of State Security.
