A new assessment from the Canadian Centre for Cyber Security (CCCS) warns that growing cyber threats endanger national security and the critical infrastructure that supports daily life.
“The insights provided in this threat assessment are critical as we work to strengthen Canada’s security in an increasingly digital world,” said Defence Minister Bill Blair.
The report maps a complex and evolving threat landscape, noting increased sophistication and coordination among state and non-state cyber actors.
“Canada is confronting an expanding and complex cyber threat landscape with a growing cast of malicious and unpredictable state and non-state cyber threat actors,” the assessment states.
State-sponsored cyber threats
Rajiv Gupta, Head of the CCCS, warned that state adversaries are becoming bolder and more aggressive. He noted that profit-driven cybercriminals are exploiting new illicit business models to obtain malicious tools and are increasingly using artificial intelligence to boost their capabilities.
The report identifies the People’s Republic of China as presenting the most sophisticated cyber threat to Canada. It describes PRC state actors conducting broad cyber espionage aimed at political and commercial objectives, including intellectual property theft and influence operations.
“The PRC conducts cyber operations against Canadian interests to serve high-level political and commercial objectives,” the report says, adding that operations target multiple levels of government and Canadian officials perceived as critics of the Chinese Communist Party.
Russia is also cited as using cyber capabilities to target Canada as part of a wider strategy to destabilize Western nations and shape narratives in its favor. Russian cyber actors are suspected of targeting Canadian government, military, and industry networks.
Iran presents a growing cyber threat as well, with the assessment warning of an increased willingness to conduct disruptive operations beyond the Middle East. Iranian actors have been linked to cyber surveillance and social engineering campaigns aimed at political activists and diaspora communities in Canada.
Cybercrime remains a significant challenge
“Non-state actors are seizing on major global conflicts and political controversies to carry out disruptive activities,” Gupta observed.
Ransomware is singled out as a top cybercrime threat to Canadian critical infrastructure. The report emphasizes that ransomware attacks can directly disrupt the ability of critical infrastructure organizations to deliver essential services.
In 2023, global ransom payments reached a record $1 billion, and Canada saw a 150% increase in the average ransom paid over the past two years.
The emergence of Cybercrime-as-a-Service (CaaS) has lowered technical barriers for would-be attackers by making malicious tools and stolen data widely available. The report highlights high-impact ransomware groups—such as LockBit, ALPHV, and CL0P—that continue to affect sectors across Canada, from healthcare to government.
Emerging cyber threats
The Centre outlines five trends expected to shape Canada’s cyber threat environment through 2026.
One major trend is the role of artificial intelligence in magnifying cyber threats. AI-driven tools can increase the scale and precision of malicious operations and make social engineering attacks, like phishing, more convincing.
The assessment also highlights a rise in geopolitically motivated non-state activity, which adds unpredictability. Hacktivism tied to international tensions has surged, including groups aligned with pro-Russia positions that target Canada to influence public discourse and policy.
Vendor concentration is another vulnerability. Many organizations depend on a small set of large technology providers, so disruptions affecting dominant vendors could trigger widespread impacts. The report notes that threat actors continue to target major providers to exploit their scale and reach.
Responding to growing cyber threats
Despite these challenges, the National Cyber Threat Assessment provides actionable insights to improve national preparedness and resilience.
The CCCS emphasizes collaboration across government, industry, and the public to strengthen defenses and mitigate evolving threats.
Canada has allocated CAD 917.4 million to strengthen intelligence and cyber operations programs, reflecting a significant government commitment to addressing cyber threats.
The report stresses that building resilience will require collective action across sectors and communities to respond effectively to this expanding threat environment.
“While our assessments describe trends that should concern anyone who reads about them, you can rest assured that the Cyber Centre remains focused on tackling these threats,” Gupta concluded.
(Image by Gerd Altmann)
See also: NIS2 Directive: Experts share their views on the cybersecurity law
Want to learn more about cybersecurity and cloud technologies from industry leaders? Consider events such as the Cyber Security & Cloud Expo, which gather experts and practitioners to discuss trends, best practices, and emerging risks across cloud security, AI, IoT, and digital transformation.
Explore other upcoming enterprise technology events and webinars powered by TechForge.