Canada joins international security partners in release of advisory, guidance on growing cyber security threat to civil society

News release

Ottawa, Ontario – May 14, 2024 The Canadian Centre for Cyber Security, a part of the Communications Security Establishment Canada, joins several global security partners today in warning the public about a growing cyber security threat to civil society organizations and individuals, a community that has been deemed high risk for state-sponsored cyber threats.

In a new advisory co-authored by Canada, the United States, Estonia, Japan, Finland and the United Kingdom, cyber security agencies share new details about the ways and means foreign threat actors use for cyber attacks on civil society targets. The high-risk community of civil society organizations and individuals is defined in the report as: nonprofit, advocacy, cultural, faith-based, academic, think tanks, journalist, dissident, and diaspora organizations, communities, and individuals involved in defending human rights and advancing democracy.  

According to industry reporting shared in the advisory, state-sponsored targeting of these organizations and individuals comes predominantly from the governments of Russia, China, Iran, and North Korea. Those same industry reports highlight the growing and real cyber security threat to civil society, which they describe as high-risk because:  

  • Civil society organizations and their staff have a high threat of being targeted by malicious cyber attacks – and are known targets -- of state-sponsored cyber actors seeking to undermine democratic values; and
  • Civil society organizations have a low capacity to defend themselves from such threats, often due to resourcing and the public nature of their work.

The advisory warns that the tactics are growing more and more personalized and subversive, with threat actors known to invest significant time and resources to researching each target. The report includes examples of how threat actors may pose as trustworthy sources to trick a victim into interacting with a malicious hyperlink. In another memorable example shared, the threat actors set up trojan-style, fake apps and online app stores housing malicious software – allowing them to access targets’ personal accounts and devices – and even remotely take over a user’s device.  

The advisory includes prevention tips and resources for civil society organizations, individuals, and software manufacturers.

Canadians can stay informed by visiting or for more on how to stay cyber secure.


“The expression of civil rights and free speech is a cornerstone of Canadian democracy. Unfortunately, authoritarian governments are increasingly using cyber means to target civil society groups and individuals, often across international borders. CSE, in close collaboration with global partners, is working hard to defend and protect our democratic institutions from such threats.”

- Caroline Xavier, Chief, Communications Security Establishment Canada

“The Canadian Centre for Cyber Security, a part of CSE, welcomes this report. The best way to protect Canadians from the growing threat of foreign interference, and digital transnational repression is to raise awareness about the threat. We all have a role to play in defending Canada from threats to our democratic institutions, including our civil society organizations and individuals.”

- Sami Khoury, Head, Canadian Centre for Cyber Security

Quick facts

  • According to Microsoft, in 2023, NGOs and think tanks were the second most targeted by state-sponsored actors (following the Information Technology Sector).

  • As of November 2023, CrowdStrike reporting revealed that five state-sponsored groups are known to target think tanks, eleven groups represent potential threats to NGOs, two groups target dissidents, and one group is known to target nonprofit organizations (NPOs).

  • Cloudflare has observed that malicious cyber activity against civil society organizations is “generally increasing.” In Quarter 2 of 2023, NPOs were targeted more than any other industry when looking at malicious traffic to NPO websites as a proportion of total traffic. In Quarter 3 of 2023, NPO and independent media organizations placed second behind the metals and mining industry, with 17.14% of all traffic to NPOs representing distributed denial-of-service (DDoS) attacks. Similarly, the European Union Agency for Cybersecurity (ENISA) found that targeted individuals within civil society were the second most-targeted sector globally between July 2022 and June 2023.

  • From 2022 to 2023, CSE produced over 3,000 foreign intelligence reports to alert and inform the Government of Canada about foreign-based threats and global events affecting Canada.

  • CSE helps to protect Canada’s democratic process by:

    • providing foreign signals intelligence to Government of Canada decision makers about the intentions, capabilities, and activities of foreign-based threat actors
    • defending Canada’s federal elections infrastructure from malicious cyber activity
    • proactively helping democratic institutions improve their cyber security
    • sharing unclassified threat assessments with the public
    • sharing information to help Canadians identify disinformation.
  • CSE’s Cyber Centre has been posting advice and guidance online to help inform and educate Canadians on the cyber threats that may be directed against Canada:

Associated links


Stay Connected
Follow CSE on Twitter

For more information (media only) please contact:
CSE Media Relations

Page details

Date modified: