DOCUMENTING HYBRID WARFARE / — incidents / UPDATED LATEST: 
Sabotage Watch SABOTAGEWATCHHybrid Threat Monitor
Cyber

Cyber incident affecting FINTRAC financial intelligence systems

02 March 2024 · Ottawa, Canada
Satellite Imagery © Esri

What happened

Over the weekend of 02 March 2024, the Financial Transactions and Reports Analysis Centre of Canada (FINTRAC), the country's financial intelligence unit and anti-money-laundering watchdog, detected a cyber incident affecting its information systems. As a precautionary measure, the agency took its corporate systems offline to protect the information it holds and to safeguard the integrity of its environment. The disruption was first reported publicly by The Record on 06 March 2024.

FINTRAC stated that the incident did not involve the Centre's intelligence or classified systems, indicating that its core financial intelligence holdings were not part of the affected environment. According to The Record, the agency said it was working closely with its federal partners, including the Canadian Centre for Cyber Security, to protect and restore its systems. CBC News reported that no ransomware or data-extortion group had publicly claimed responsibility.

Recovery extended over the following period, with FINTRAC, the Canadian Centre for Cyber Security and other federal bodies working to contain, investigate and mitigate the incident and to bring affected services back online. FINTRAC later said that, following forensic analysis, there was no evidence that any information had been removed from its systems or that any data was lost. The agency did not publicly identify a perpetrator or assign responsibility.

Assessment

FINTRAC did not publicly attribute the incident, and no state actor or criminal group was confirmed, so responsibility should be recorded as Unknown. The targeting of a national financial intelligence unit is sensitive given the data such bodies hold, but the agency's statement that intelligence and classified systems were not involved, and its later finding of no evidence of data loss, limits the confirmed impact. Claims of foreign or Russian involvement are not supported by the available reporting and should be treated as speculation pending official findings.

This dossier summarises open-source reporting and is updated as the investigation develops. Read the original report via the source link.