The cyberattacks on B.C.’s government networks were carried out by a state or state-sponsored actors, but there is no evidence the attacks compromised sensitive information, says the province’s head of public service.
Shannon Salter said the attacks, which the government has described as “sophisticated,” occurred three times in the last month.
Mike Farnworth, Minister of Public Safety and Solicitor-General, did not comment on which state delivered the attacks. He said the Canadian Centre for Cyber Security believes this attack was state or state-sponsored based on its “level of sophistication.”
The hackers also tried to “cover up their tracks” while attacking, said Mr. Farnworth, which is distinct to this kind of actor.
The Canadian Centre for Cyber Security is part of Canada’s national cryptologic agency, the Communications Security Establishment, providing guidance, services and support to government on cybersecurity.
Mr. Farnworth said he has been in contact with the federal government regarding the attacks but made no comment regarding other collaboration with international agencies.
The initial attack was detected on April 10, Ms. Salter said. On April 29, government employees and public servants were asked to change their passwords in order to protect against the breach of security. Mr. Farnworth said the two-week delay was deliberate and based on guidance from the Canadian Centre for Cyber Security.
“If you give that information out or say that there has been an intrusion or attack before [system security] work is done, what you end up doing is leaving the system open for even greater compromising and even greater intrusion,” Mr. Farnworth said.
Suspicious activity was first detected by the province’s cybersecurity team. The team then notified experts at the Canadian Centre for Cyber Security and Microsoft Corp.
Mr. Farnworth noted that government sites and systems remained functional during the course of the security breach, but he declined to elaborate on what systems were affected by the breach. He said there have been no ransomware demands made by the attackers.
In 2022, B.C. allotted $50.8-million over eight years to strengthening cybersecurity measures and systems. Mr. Farnworth said one of the changes made since then allowed for the detection of this attack.
He noted that employees who work from home are protected by government networks and there is no indication that COVID-19-related changes in working environments might have caused this event.
The investigation into the attack is continuing and more information is expected to be released as it progresses, he said.
The attack came amid other incidents in the province in recent weeks, including hackers targeting B.C. libraries and demanding a ransom not to reveal user data, and an attack that forced retailer London Drugs to shut down stores across Western Canada for more than a week.
London Drugs president Clint Mahlman said in an interview Thursday that he didn’t know if the breach might be connected to the B.C. government incident.
With a report from The Canadian Press