The B.C. government says it is facing a sustained series of cyberattacks from what it describes as a “sophisticated” state or state-sponsored actor.
Government officials said on Friday they are working with the federal agency Canadian Centre for Cyber Security to determine the next steps that need to be taken; however, as of today, there is no indication sensitive government or personal information has been compromised.
Shannon Salter, deputy minister to the premier and head of the public service, led a technical briefing with media on Friday, noting officials are also working with Microsoft, which provides computer hardware and software for the government.
The attack was first detected on April 10 and reported to the centre April 11. It is described as a series of attacks that ultimately led to Premier David Eby being personally briefed on April 17.
On April 29, officials detected additional and broader activity by the same threat actor and Salter then ordered all public servants to change their computer passwords.
On May 2, the threat actor was detected covering its tracks and on May 8 the centre provided a classified briefing, which was provided to the B.C. cabinet.
Officials would not state the nation connected to the attacks.
Nor would officials indicate what, if any, part of government is being targeted.
The B.C. government has 40 terabytes of data in its servers and blocks about 1.4 billion unauthorized attempts for access daily, officials noted.
Officials also would not comment on what differentiates these attacks from others; on Thursday, the government took an extraordinary step of revealing the attacks in a news release.
The B.C. government has several ministries providing service to the public in addition to Crown agencies, such as ICBC and BC Hydro.
Solicitor General and Minister of Public Safety Mike Farnworth spoke briefly to media about the attacks Friday afternoon.
Farnworth said he has not been told what state may be perpetrating the attacks.
“We will continue to be as transparent as possible,” said Farnworth.
“The investigation is ongoing so I’m not able to comment on what state or state-sponsored actor it may be,” he added.
No ransomware demands have been made, the minister said, adding any motive remains unknown for the attacks.
As to why it is suspected to be a state actor, Farnworth said officials detected a level of sophistication only seen by foreign governments.
The centre notes online that “the state-sponsored cyber programs of China, Russia, Iran and North Korea continue to pose the greatest strategic cyber threat to Canada” and “critical infrastructure is still a prime target for both cybercriminals and state-sponsored actors alike.”
Recent attacks on Microsoft are reported to be from China and Russia. The Washington Post reported April 2 that a White House-directed review board rebuked Microsoft for a 2023 cyberattack by China. And on March 8, Microsoft issued a public statement on Russian state-sponsored actor also known as NOBELIUM attacking its corporate email systems.
Farnworth was asked if work-from-home arrangements for public servants can lead to vulnerabilities; the minister said such arrangements are just as safe since workers utilize government systems and servers.
The government invested $50.8 million in 2022 to update cyber-security controls, Farnworth noted. The government's chief information office has 76 staff and an annual budget of $25 million.
