The Communications Security Establishment (CSE) disclosed in its latest annual report that Russian-backed cybercriminals from the group NoName successfully hacked into a Quebec municipality's water treatment plant, gaining the ability to control critical systems including pumps, chlorine dosing, and pressure settings. The breach, detected in October 2025, was one of over 3,200 cyber incidents identified by CSE affecting federal organizations or critical infrastructure sectors such as energy, critical minerals, and water.
Breach details and response
According to CSE, NoName claimed it had gained the "ability to covertly control pumps, chlorine dosing, pressure settings and monitoring/alerts systems." The report does not name the affected Quebec municipality. CSE was not the first to detect the breach; it was notified by the Organization of American States' cybersecurity coordination network of NoName's claim. The cyber agency then worked with unnamed partners to mitigate the threat.
NoName's ties to Russia
The U.S. Department of Justice has identified NoName as a cybercriminal group financially backed by the Russian government, frequently conducting operations against Russia's adversaries. They have often targeted North American water systems. This is the first time CSE has attributed a water treatment plant breach to a Russian-backed group and identified the province involved.
Growing threats to critical infrastructure
The CSE report warns that "state-sponsored actors are becoming more aggressive and are moving beyond traditional espionage to conduct more disruptive activities." It highlights Russia and China as primary state cyber adversaries, noting that both pose increasing threats in the Canadian Arctic, where challenges go "beyond traditional military and cyber threats to include economic and influence-related activities."
CSE's offensive and defensive operations
In its annual report, CSE also revealed that it deployed extraordinary powers to conduct offensive and defensive cyber operations to undermine a network of fentanyl precursor traffickers and an unidentified foreign extremist group seeking to recruit Canadians. The report underscores the escalating cyber risks to Canada's critical infrastructure and the need for vigilance.
