The Globe and Mail

The Communications Security Establishment Canada (CSEC) complex in Ottawa, on Oct. 15, 2013.

Sean Kilpatrick/The Canadian Press

Tech giant Microsoft Corp. says Canada was among the targets of a major hack that is believed to have been carried out by Russian intelligence against U.S. government computer systems, private companies and others around the world.

Ottawa has said little about the sophisticated cybersecurity breach. However, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) said Texas-based SolarWinds Inc.’s widely used network-management software was targeted in order to breach government and corporate networks.

Microsoft president Brad Smith said in a blog late Thursday that his company was hacked in connection with the attack on SolarWinds and that Canada was also hit.

“While roughly 80 per cent of these customers are located in the United States, this work so far has also identified victims in seven additional countries,” Mr. Smith said. “This includes Canada and Mexico in North America; Belgium, Spain and the United Kingdom in Europe; and Israel and the UAE in the Middle East. It’s certain that the number and location of victims will keep growing.”

Mr. Smith said more than 40 organizations were hacked including U.S. government agencies, companies with contracts with the U.S. government, tech companies and think tanks. He suggested Russia was behind the hack, pointing to the cybertechniques the country used in the 2016 U.S. election and French presidential election of 2017.

But he said this sophisticated cyberintrusion is far more worrying.

“This is not ‘espionage as usual,’ even in the digital age. Instead, it represents an act of recklessness that created a serious technological vulnerability for the United States and the world,” he wrote. “The recent attackers used a technique that has put at risk the technology supply chain for the broader economy.”

Canada’s Communications Security Establishment, which is responsible for electronic surveillance and cybersecurity, said Friday that it is assessing the situation and working to ensure federal information technology (IT) systems and networks remain secure.

“While this situation remains ongoing, the Canadian Centre for Cyber Security is actively engaged with our government and non-government partners sharing cybersecurity advice and guidance, mitigation, and operational updates,” CSE spokesperson Evan Koronewski said in an e-mail.

Mr. Koronewski said the Canadian Centre for Cyber Security, a unit of CSE, has issued a Cyber Alert with recommended actions and mitigation advice including isolating SolarWinds servers and blocking internet egress from servers or other endpoints with SolarWinds software.

“The Cyber Centre does not comment on reporting by Canadian organizations regarding cyber incidents. As a result, we do not have any further information to add on potential targets and/or victims,” he added.

The Department of National Defence (DND) said it had used SolarWinds products in the past.

“The contracts for SolarWinds software identified, used at CFB Shilo, expired about ten years ago and did not involve the specific vulnerable version reported by U.S. agencies,” said Daniel Le Bouthillier, head of media relations at National Defence.

However, he said DND is assessing and monitoring “our systems to ensure our personnel, operations and capabilities are protected.” He provided no further comment.

Shared Services Canada, which manages the majority of Ottawa’s IT infrastructure, said that at this point, none of the SolarWinds platforms and products used by the government have been affected by the incident.

“As this is an ongoing issue, Shared Services Canada continues to assess the situation and is working with its government partners to ensure networks remain secure,” the department said Friday.

The U.S. government’s CISA said the hacking operation, which is believed to have started in March, breached U.S. federal agencies and “critical infrastructure” in an attack that was hard to detect and will be difficult to undo.

“This threat actor has demonstrated sophistication and complex tradecraft in these intrusions,” CISA said. “Removing the threat actor from compromised environments will be highly complex and challenging.”

CISA has not said who it thinks is the “advanced persistent threat actor” behind the “significant and ongoing” campaign, but many experts are pointing to Russia.

“The magnitude of this ongoing attack is hard to overstate,” former U.S. Homeland Security adviser Thomas Bossert said in an article in The New York Times. “The Russians have had access to a considerable number of important and sensitive networks for six to nine months.”

Russian presidential spokesman Dmitry Peskov said Moscow had nothing to do with this hack.

“Even if it is true [that] there have been some attacks over many months and the Americans managed to do nothing about them, possibly it is wrong to groundlessly blame Russians right away,” Mr. Peskov told the Russian news agency Tass.

President-elect Joe Biden vowed to make the breach a top priority when he takes office in early January.

“We need to disrupt and deter our adversaries from undertaking significant cyberattacks in the first place,” he said in a statement. “We will do that by, among other things, imposing substantial costs on those responsible for such malicious attacks, including in co-ordination with our allies and partners.”
