Cyber Incident Victim: Government of Canada Key
Date:
Sep 2023
Location:
Canada
Summary
A cyberattack involving distributed-denial-of-service activity disrupted government websites and internal systems across multiple Canadian jurisdictions, including the Yukon, Nunavut, P.E.I., Manitoba, and Saskatchewan. The Yukon government's primary website and internal services were restored within hours, though some subsidiary sites remained partially affected; operational impacts included temporary Wi-Fi outages, restricted access to cloud-based platforms like Microsoft Teams and SharePoint, and employee email or phone service interruptions. Physical government services experienced delays, with some offices limited to cash transactions. Officials stated no evidence of compromised citizen data or unauthorized file access. While Yukon systems largely resumed functionality, Nunavut's main government page remained offline as its investigation into the outage continued.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On September 14, 2023, the Yukon government experienced a distributed-denial-of-service (DDoS) cyberattack targeting its website and internal systems, beginning at midnight local time. The attack overwhelmed the network with abnormally high traffic volumes, causing widespread outages. Government employees lost access to Wi-Fi, Microsoft Teams, SharePoint, cloud-based software platforms, government email accounts, and internet-based phone services. Public-facing systems were also disrupted, with the Yukon government’s main website becoming inaccessible. Operational impacts were observed in downtown Whitehorse government offices, where longer wait times occurred and some departments, including motor vehicles, temporarily restricted transactions to cash-only payments. Officials stated there was no evidence of unauthorized access to government files or compromise of private citizen data during the incident. The attack coincided with website outages affecting the governments of Nunavut, Prince Edward Island, Manitoba, and Saskatchewan, though only Yukon explicitly confirmed a cyberattack at the time of reporting.
Yukon government technicians initiated restoration efforts, successfully reinstating access to the main website by late afternoon on September 14. Internal systems, including email and collaboration platforms, were also restored, though some subsidiary government websites remained partially non-functional. A government memo and Facebook post confirmed the attack’s DDoS nature and assured the public that mitigation work continued to resolve residual issues. The Yukon government committed to providing another update by September 15. Meanwhile, Nunavut’s government website remained offline as of Thursday evening, with officials investigating the cause of its outage without confirming whether it resulted from a cyberattack. No additional operational details or attribution for the attacks were disclosed by either jurisdiction in the immediate aftermath.