The Canadian Centre for Cyber Security warned today that hacktivists have breached critical infrastructure systems multiple times across the country, allowing them to modify industrial controls that could have led to dangerous conditions.
The authorities issued the warning to raise awareness of the elevated malicious activity targeting internet-exposed Industrial Control Systems (ICS) and the need to adopt stronger security measures to block the attacks.
The alert shares three recent incidents in which so-called hacktivists tampered with critical systems at a water treatment facility, an oil & gas firm, and an agricultural facility, causing disruptions, false alarms, and a risk of dangerous conditions.
“One incident affected a water facility, tampering with water pressure values and resulting in degraded service for its community,” describes the bulletin.
“Another involved a Canadian oil and gas company, where an Automated Tank Gauge (ATG) was manipulated, triggering false alarms.”
“A third one involved a grain drying silo on a Canadian farm, where temperature and humidity levels were manipulated, resulting in potentially unsafe conditions if not caught on time.”
The Canadian authorities believe that these attacks weren’t planned and sophisticated, but rather opportunistic, aimed at causing media stir, undermining trust in the country’s authorities, and harming its reputation.
Sowing fear in societies and creating a sense of threat are primary goals for hacktivists, who are often joined by sophisticated APTs in this effort.
The U.S. government has repeatedly confirmed that foreign hacktivists have attempted to manipulate industrial system settings. Earlier this month, a Russian group called TwoNet was caught in the act against a decoy plant.
Although none of the recently targeted entities in Canada suffered catastrophic consequences, the attacks highlight the risk of poorly protected ICS components such as PLCs, SCADA systems, HMIs, and industrial IoTs.
In response to the elevated hacktivist activity, the Canadian authorities suggest the following measures:
- Inventory and assess all internet-accessible ICS devices, and remove direct internet exposure where possible.
- Use VPNs with two-factor authentication, IPS, vulnerability management, and conduct penetration testing.
- Follow vendor and Cyber Centre guidance, including the Cyber Security Readiness Goals (CRGs).
- Report suspicious activity via My Cyber Portal or [email protected], and notify local police to support coordinated investigations.
Although ICS malware isn’t typically associated with hacktivist threats, it is also advisable to keep the firmware of all ICS components updated, plugging any security gaps that could be exploited for planting persistent backdoors.
46% of environments had passwords cracked, nearly doubling from 25% last year.
Get the Picus Blue Report 2025 now for a comprehensive look at more findings on prevention, detection, and data exfiltration trends.
