Civil society groups “at high risk” of cyber threats

(Ottawa) Canada’s cyber espionage agency says countries like Russia and China are increasingly targeting civil society groups, such as nonprofits, journalists and human rights activists .

Communications Security Establishment Canada (CSE) issued the warning Tuesday in a joint security bulletin issued with agencies in the United States, United Kingdom, Japan, Estonia and Finland.

The bulletin states that “industry reports reveal a pattern of behavior among state-sponsored cyberthreat actors that target particular segments of civil society.”

The Canadian Center for Cyber ​​Security, part of the CSE, says civil society organizations and their staff are “at high risk” of being targeted by malicious cyberthreat actors.

The advisory identifies the threat as coming “primarily” from Russia, China, Iran and North Korea.

These targeted civil society groups also include advocacy organizations, cultural organizations, religious groups, academic organizations, think tanks, media, dissident organizations, diaspora groups, communities and individuals who who defend human rights and seek to promote democracy.

“Often, these organizations and their staff are targeted by state-sponsored threat actors who seek to undermine democratic values ​​and interests,” the joint bulletin said.

Agencies warn that threat actors are using increasingly personalized and subversive tactics, and are devoting significant resources to tracking down their targets.

The bulletin states that the activities of state-sponsored threat actors “are aimed at compromising organizational and personal networks and networks to intimidate, muzzle, coerce, harass or harm civil society organizations and individuals.”

Actors often access networks and devices by posing as trustworthy sources, then “tricking victims into providing their login credentials” or “clicking on a malicious hyperlink or attachment” . These actors often subsequently install spyware on devices, the bulletin said.

Targeted people often have a weak ability to defend themselves, for example due to a lack of internal IT support.

“People who belong to civil society often rely on insecure channels to communicate and must manage public profiles as part of their work,” the agencies point out.

“Organizations with weak defense capabilities are not adequately prepared to counter common cyber threats, such as psychological hacking attempts, and are therefore vulnerable. »

source site-61