Cyber Incident Victim: Defence Construction Canada
Date:
Sep 2019
Location:
Canada
Summary
Defence Construction Canada experienced a cyber-attack that disrupted its information technology systems, part of a broader wave targeting defense contractors across multiple regions. The incident impacted operational capabilities, mirroring similar disruptions at other entities in the sector. While specific attack details weren't disclosed, the event highlighted vulnerabilities within critical infrastructure organizations supporting national defense projects.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
In September 2019, Defence Construction Canada (DCC), a Canadian defense infrastructure organization, experienced a cyber-attack that disrupted its information technology systems. The incident occurred around the same period as a separate attack targeting Rheinmetall AG, a major German military equipment and systems supplier. Both organizations, operating in the defense sectors of North America and Europe respectively, confirmed operational impacts from the intrusions, though neither disclosed the exact attack vectors or initial entry methods. The attacks coincided with heightened scrutiny of cybersecurity vulnerabilities within critical defense supply chains globally. While Rheinmetall’s prominence as a top-tier defense contractor underscored the strategic value of the targets, DCC’s role in managing Canadian defense infrastructure projects highlighted the breadth of entities affected. Neither organization specified whether data exfiltration occurred or whether the disruptions stemmed from ransomware, denial-of-service attacks, or other malware.
The incidents exemplified a pattern of cyber operations against defense-sector entities during this period, though attribution and motives remained unconfirmed in public reporting. DCC’s attack resulted in confirmed IT system disruptions, though the duration and full scope of operational downtime were not detailed. Similarly, Rheinmetall acknowledged system impacts but did not elaborate on recovery timelines or specific compromised assets. The parallel timing of the attacks across geographically dispersed defense contractors suggested a potential focus on supply chain or third-party vulnerabilities, though no technical evidence or actor claims were publicly corroborated. Neither DCC nor Rheinmetall disclosed incident response measures, such as system isolation, forensic investigations, or coordination with national cybersecurity agencies. The operational consequences for DCC’s defense construction projects or Rheinmetall’s manufacturing capabilities were not quantified in available reporting.