Cyber Incident Victim: Canadian Armed Forces
Date:
Sep 2023
Location:
Canada
Summary
A cyber incident involving the Canadian Armed Forces stemmed from distributed denial-of-service (DDoS) attacks claimed by the India-affiliated hacking group Indian Cyber Force, causing temporary disruptions to the military's public website and other government entities including the House of Commons and Elections Canada. The military confirmed the website became briefly inaccessible to mobile users but emphasized no broader compromise of internal systems or sensitive data occurred, characterizing the incident as a resolved nuisance. These attacks coincided with heightened geopolitical tensions following public allegations by Canadian leadership regarding India's involvement in a Sikh activist's killing, with the hackers referencing the dispute in defaced messages on compromised small-business websites. Federal cybersecurity authorities noted DDoS campaigns as common during such events, reiterating their limited operational impact and ongoing monitoring efforts.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 3 techniques |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
In late September 2023, multiple Canadian government institutions experienced distributed denial-of-service (DDoS) cyberattacks claimed by the hacking group Indian Cyber Force. The incidents began around September 25, with the House of Commons website suffering slow or incomplete page loading starting Monday morning due to an ongoing DDoS attack. On Tuesday morning, the Ottawa Hospital reported a brief interruption to its external websites, though no systems were breached. Early Wednesday morning, Elections Canada's website experienced approximately one hour of disruption through a separate denial-of-service attack targeting a non-sensitive site hosted externally. The Canadian Armed Forces confirmed its public website became unavailable to mobile users midday Wednesday, September 27, though service was restored within hours. All affected organizations emphasized these were superficial attacks targeting public-facing websites rather than core operational systems or sensitive data repositories.
Canadian authorities responded swiftly to mitigate the attacks. The House of Commons IT team implemented protective measures to safeguard networks while restoring service levels through continuous monitoring. Defence Minister Bill Blair characterized the military website outage as a common DDoS incident promptly addressed by cybersecurity officials, causing only minor inconvenience. The Communications Security Establishment's Canadian Cyber Security Centre, which had issued warnings about increased DDoS activity targeting government and critical infrastructure since September 15, confirmed these nuisance attacks rarely compromise information. Indian Cyber Force claimed responsibility through defaced small business websites displaying anti-Canadian messages referencing Prime Minister Trudeau's September 18 allegations regarding India's involvement in Hardeep Singh Nijjar's killing. While the group initially asserted it compromised Global Affairs Canada's travel advisory site, the department denied this occurred and the hackers retracted the claim. No government agency reported permanent system impacts or data breaches from these incidents.