Statement on SolarWinds Cyber Compromise

April 15, 2021 – Ottawa, Ontario - Global Affairs Canada

The Honourable Marc Garneau, Minister of Foreign Affairs, the Honourable Bill Blair, Minister of Public Safety and Emergency Preparedness, and the Honourable Harjit S. Sajjan, Minister of National Defence, today issued the following statement:

“Today, Canada joins the United States and international partners in voicing our concerns related to a Russian cyber-espionage campaign that exploited the SolarWinds Orion platform.

“We learned in December 2020 that a highly skilled cyber-actor compromised the networks of thousands of SolarWinds customers, including over a hundred Canadian entities, by installing malware through program updates. This allowed the actor to target a smaller subset of those victims with additional malware for cyber-espionage purposes. This compromise has forced third parties to conduct costly mitigation activities and may have undermined public confidence in downloading software updates.

“Although no known Canadian entities have been exploited to date, the investigation continues. It will likely be years before the full extent of the compromises caused by this campaign are known.

“Canada assesses that APT29, also named ‘The Dukes’ or ‘Cozy Bear’ was responsible for this activity, and almost certainly operates as part of Russian Intelligence Services (SVR).

“This activity is concerning given other Russian state-sponsored actors’ history of disruptive and destabilizing cyber activities. We are voicing our concern to highlight the importance of strengthening our country’s cyber security.

“Cyber security is one of the most serious economic and national security challenges countries face. Canadians must trust that they can safely work and live online. A free, open, and secure cyberspace is critical to Canada’s economy, social activity, democracy and national security.

“We are committed to working diligently with the United States, close partners and allies to foster stability in cyberspace and promote Canadians’ safety and security.”

Previous Russian Cyber Threat Activity

“In recent years, Canada has repeatedly called out Russia’s disregard for agreed-upon norms on state behaviour in cyberspace, specifically Russian malicious cyber activity targeting COVID-19 vaccine development in Canada, the UK and US; the NotPetya global cyber outbreaks; and a cyber campaign that interfered with Georgia’s democratic process.”

Related products

• Backgrounder – SolarWinds Cyber Compromise

Associated links

• Canada’s international cyber policy
• Canada expresses concern over pattern of malicious cyber activity by Russian military intelligence