TLDRs:
Contents
- Canadian intelligence agencies suspect a Chinese-linked group is behind a wave of cyberattacks on telecom networks
- The group, known as Salt Typhoon, appears to be focused on long-term intelligence gathering rather than immediate disruption
- Key vulnerabilities in telecom routers have been exploited, highlighting the growing technical sophistication of these threats
- Beijing has denied any involvement, though Canadian officials say the threat is likely to persist for years
Canadian authorities have linked a series of ongoing cyber intrusions to a group suspected of operating on behalf of the Chinese government.
The group, identified as Salt Typhoon, has reportedly targeted telecommunications infrastructure across the country in a campaign that Canadian intelligence agencies warn could continue well into the next two years.
The Canadian Centre for Cyber Security, working in coordination with the FBI, issued a joint advisory urging telecommunications providers and other key sectors to harden their cyber defenses. The advisory pointed to multiple compromised network devices registered to a Canadian firm, part of a broader pattern of activity that suggests a highly coordinated and persistent threat.
Officials believe the campaign is aimed more at long-term surveillance and espionage rather than immediate disruption. By compromising core network infrastructure such as routers and switches, the attackers can potentially monitor or redirect traffic without detection.
Salt Typhoon’s Tactics Unveiled
The tactics employed by Salt Typhoon reflect a growing trend in state-sponsored cyber activity, where the focus is shifting from targeting endpoints like user devices or websites to deeply embedded network infrastructure. This method offers threat actors greater persistence and stealth, especially when exploiting unpatched or newly discovered vulnerabilities.
According to the National Cyber Threat Assessment 2025–2026, China remains Canada’s most sophisticated and active cyber adversary. The report describes Beijing’s cyber program as expansive, aggressive, and deeply resourced, with ambitions that extend across surveillance, espionage, and digital influence operations.
Over the past four years, at least 20 Canadian government networks have been compromised by China-linked actors, the report adds. These breaches often target federal departments, provincial agencies, and even Indigenous government systems. Some compromises lasted for extended periods, giving attackers significant time to map internal networks and gather sensitive information.
Canada’s Cyber Readiness Under Scrutiny
While the joint advisory signals growing cooperation among allies like the US and Canada, it also exposes gaps in Canada’s cyber defense posture. Industry analysts warn that domestic cybersecurity initiatives are lagging behind, with stalled legislative reforms and inconsistent implementation of baseline protections across sectors.
Telecom giants like Rogers, Bell, and Telus have reportedly begun internal reviews and security upgrades following warnings about Salt Typhoon. However, experts suggest many of these actions are reactive and risk falling short against actors with the level of persistence and capability attributed to groups linked with the Chinese state.
Furthermore, critics say Canada has yet to develop a comprehensive national strategy that integrates private sector resilience, proactive threat hunting, and international cyber deterrence into a unified framework.
Beijing Denies Involvement
China’s government has repeatedly denied involvement in cyberattacks targeting Canada or its allies, describing such accusations as politically motivated and lacking evidence. Nonetheless, Canada’s latest assessment places Beijing at the top of its list of cyber adversaries, alongside actors from Russia, Iran, and North Korea.
Canadian intelligence officials remain firm in their position that China’s cyber operations are not isolated incidents but part of a broader geopolitical strategy. This includes targeting outspoken Canadian lawmakers, some of whom belong to the Inter-Parliamentary Alliance on China. In one such incident, attackers used tracking pixels in emails to map the digital environments of recipients.
That said, the warnings make clear that the threat landscape is evolving rapidly and that nation-state campaigns like Salt Typhoon represent a long-term challenge.
