
The Canadian Communications Security Establishment (CSE) has released its latest annual report and, for the first time, attributed an attack on critical water infrastructure to a Russian-backed threat actor group.
CSE is Canada’s national cryptologic agency, responsible for foreign signals intelligence, cyber security and information assurance and includes the Canadian Centre for Cyber Security.
It previously warned in November 2025 of increased targeting of essential services including water systems:
Cyber threats to water infrastructure are growing, evolving quickly, and can affect every community in Canada. You don’t need to be an engineer or a cyber security expert to understand why this matters.
Rajiv Gupta, Head of the Canadian Centre for Cyber Security, in the introduction to the Unclassified report warned that cyber threats to water infrastructure were "growing, evolving quickly, and can affect every community in Canada."
These kinds of attacks on control systems reflect the fact that public health depends on access to clean water and thus operational systems have become a strategic target for state-sponsored actors to project power through disruptive or destructive cyber activity.

The NoName group were previously identified by the US Department of Justice when rewards of up to $10m USD were announced for information leading to the capture of named individuals.
The US accused the Russian groups of targeting "minimally secured, internet-facing virtual network computing connections to infiltrate (or gain access to) operational technology control devices within critical infrastructure systems."
Canada has responded to the rising threat over the last year by publishing detailed control guidance for the water sector, growing its security workforce by more than 300 personnel and taking steps to strengthen cyber security laws to protect critical infrastructure.
As CSE marks 80 years of service to Canada, we continue to adapt to a security environment, with cyber threats growing in scale and complexity.
Caroline Xavier, Chief of CSE
The annual report provides examples of how the CSE also leveraged 'active cyber operations' to target and disrupt organised crime groups and offshore extremist groups using the internet to harm Canadians.
This is at a time when more nations support 'hacking back' to defend critical national infrastructure.

The report from the FVEY partner adds to growing evidence of state-sponsored actors "becoming more aggressive ... moving beyond traditional espionage to conduct more disruptive activities."
Identifying Russia and China as primary concerns, CSE also highlights that both countries pose a growing physical threat in the Canadian Arctic as a race to control key minerals grows at the top of the globe.
We live in interesting times.