
Cyber Incident Victim: Department of Justice Canada

Date: Aug 2020

Location: Canada

Summary

A cyberattack targeted the Canadian Department of Justice, compromising 14 ministry mailboxes and exposing email addresses of citizens who had corresponded with those accounts. Attackers leveraged the breached system to send malicious emails containing Emotet malware to affected individuals, potentially infecting recipients' systems. The ministry contained the incident swiftly but initially withheld public notification, only issuing a brief statement following media inquiries. The lack of proactive communication left citizens unaware of risks associated with suspicious emails referencing past interactions with the department, despite confirmed malware distribution through the compromised infrastructure.

Description

On August 11-12, 2020, the Quebec Ministry of Justice experienced a cyberattack involving unauthorized access to 14 employee mailboxes. Attackers compromised these accounts and extracted email addresses belonging to members of the public who had previously corresponded with the compromised accounts. The threat actors then leveraged the compromised mailboxes to send malicious emails containing Emotet malware to those external recipients. The malware-laden emails appeared to reference past communications between recipients and the Ministry, potentially increasing their credibility. The Ministry detected the breach and implemented containment measures promptly, though the exact timeline of detection relative to the initial compromise was not disclosed.

The incident exposed citizens to malware infections through emails purporting to originate from Justice Quebec addresses. While the Ministry confirmed the mailbox breaches and data exposure, it did not initially issue public warnings about the malicious emails. Public notification occurred only after sustained media inquiries, resulting in a brief official statement lacking detailed guidance for affected individuals. The Ministry did not disclose whether internal systems beyond email were compromised or if sensitive government data was exfiltrated. Confirmation of Emotet as the malware variant came from external analysis of samples provided to cybersecurity researchers. The attack disrupted public trust due to delayed transparency, though no quantitative estimates of infected recipients or financial impacts were provided by official sources.
