DOCUMENTING HYBRID WARFARE / — incidents / UPDATED LATEST: 
Sabotage Watch SABOTAGEWATCHHybrid Threat Monitor
Cyber

Cyberattack on RCMP networks

23 February 2024 · Ottawa, Canada
Satellite Imagery © Esri

What happened

In late February 2024, the Royal Canadian Mounted Police (RCMP) disclosed that its networks had been targeted by a cyberattack. The force said it became aware of the incident on Friday, 23 February, when the RCMP's chief security officer notified staff in an internal email that the organisation was managing a 'cyber event' and urged employees to remain vigilant. The RCMP characterised the incident as 'alarming' but stated there was no impact on its operations and no known threat to the safety and security of Canadians or RCMP partners.

The RCMP said it had launched a criminal investigation and was working with other Canadian government partners to assess the breadth and scope of the breach. The force added that 'the quick work and mitigation strategies put in place demonstrate the significant steps the RCMP has taken to detect and prevent these types of threats.' The RCMP's public website was briefly unavailable over the following weekend. The nature of the attack and the identity of those behind it were not disclosed, and no perpetrator was named. Reporting noted a separate cyber incident affecting Global Affairs Canada disclosed around the same period, though it was unclear whether the two were connected.

Assessment

Attribution remains unestablished: the RCMP did not name a perpetrator and opened a criminal investigation, so any claim of state or specific actor involvement would be unsupported. The force's emphasis on 'no operational impact' alongside its description of the event as 'alarming' suggests a contained intrusion attempt rather than a confirmed large-scale data compromise, though the limited public detail makes the true scope uncertain. The near-simultaneous Global Affairs Canada incident invites speculation about a coordinated campaign, but no evidence of a link was confirmed. Details should be treated as provisional pending investigation outcomes.

This dossier summarises open-source reporting and is updated as the investigation develops. Read the original report via the source link.