A pro-Russian threat group is believed to be behind a distributed denial of service (DDoS) attack that has blocked access to Prime Minister Justin Trudeau’s official web site. The attack appears to have been timed to coincide with the government’s meeting today with Ukrainian Prime Minister Denys Shmyhal.
As of 1:30 p.m. Eastern, the Canadian Prime Minister’s web site https://pm.gc.ca/en was still unavailable.
UPDATE: The site was back up around 2 p.m. Eastern.
At a press conference today, Trudeau addressed the incident. “As you know, it’s not uncommon for Russian hackers to target countries as they are showing steadfast support for Ukraine, as they are welcoming Ukrainian delegations or leadership to visit, so the timing isn’t surprising. But in case anyone was wondering, Russia being able to bring down an official government of Canada web page for a few hours is in no way going to dissuade us from our unshakable support of Ukraine.”
Trudeau also addressed news reports that leaked documents apparently from the U.S. Pentagon include mention of a pro-Russian hacktivist group telling Russian intelligence that the group had accessed a Canadian gas pipeline.
“I can confirm in regards to reports of cyber attacks against Canadian energy infrastructure that there was no physical damage to any energy infrastructure following cyber attacks,” Trudeau said.
It wasn’t clear from the statement whether Trudeau was confirming that a pro-Russian group had recently compromised the operational technology side of a pipeline company, or whether he was saying there has never been physical damage to a pipeline from a cyber attack.
The legitimacy of the stolen documents hasn’t been confirmed. The U.S. Justice Department is taking them seriously enough that it has opened an investigation, but some commentators think certain documents have been altered. For example, it is alleged that one document underestimates the extent of Russian casualties in the war with Ukraine, apparently to give the impression the war hasn’t hurt Russia as much as other countries think.
According to the news site Zero Day, the controversial stolen documents also include a page, apparently from a U.S. intelligence briefing, with two paragraphs about the alleged cyberattack by the Russian hacking group called Zarya on an unnamed Canadian energy company.
To prove its claim, Zarya allegedly shared screenshots with an officer of the Russian counterintelligence Federal Security Bureau (FSB) showing it had accessed the Canadian pipeline operator and had the ability to increase valve pressure, disable alarms, and initiate an emergency shutdown of the facility. Zero Day, which saw the stolen document, says the U.S. intelligence briefing didn’t identify the Canadian victim, writing that the screenshot was of an “unspecified gas distribution station.”
Zero Day says the U.S. briefing document it saw indicates that the hacking group was “receiving instructions” from someone presumed to be an FSB officer, who ordered them to maintain their network access, and that the hackers were on “standby” for further instructions from the FSB.
Asked for comment about the DDoS attacks, the federal Communications Security Establishment (CSE), which is responsible for defending government IT networks, said it is “aware of reports that some Government of Canada websites have been offline. CSE and its Canadian Centre for Cyber Security have observed that it’s not uncommon to see distributed denial-of-service (DDoS) attacks against countries hosting visits from Ukrainian government officials. While these incidents draw attention, they have very little impact on the systems affected.
“CSE and its Canadian Centre for Cyber Security continue to work closely with our cyber defence colleagues at the Treasury Board Secretariat – Office of the Chief Information Officer, and Shared Services Canada and other Government of Canada departments and agencies to ensure there are systems and tools in place to monitor, detect, and investigate potential threats, and to neutralize threats when they occur.
“The Government of Canada (GC), like every other government and private sector organization in the world, is subject to ongoing and persistent cyberthreats.
“CSE works every day to defend government systems from threats. On any given day, CSE’s defensive systems can block anywhere from 3 to 5 billion events targeting GC networks. These defensive actions are a result of CSE’s existing dynamic cyber defence capabilities which remain ready to defend Government of Canada systems and help protect against future attacks.”