‘State or state-sponsored actor’ behind B.C. cyberattack: public service
Posted May 10, 2024 12:27 pm.
Last Updated May 10, 2024 9:49 pm.
The BC Public Service believes with a “high degree of confidence” that those behind a recently disclosed cyberattack against the provincial government were a “state or state-sponsored actor.”
Shannon Salter, head of the BCPS and deputy minister to the premier, gave more details regarding the attack on Friday, explaining the first incident occurred on April 10 and was then reported to the Canadian Centre for Cyber Security (the Cyber Centre).
The following day, Salter shared the BCPS engaged with Microsoft’s advanced cybersecurity detection and response team — otherwise known as DART — to help the province respond to the attack and mitigate further attacks.
CLICK HERE TO LISTEN TO 1130 NEWSRADIO VANCOUVER LIVE!Salter explained, since that time, the province has been working with the Cyber Centre and cybersecurity experts at Microsoft. No sensitive or personal information has been compromised, Salter assured.
B.C. Premier David Eby was briefed on the issue on April 17, Salter added.
More activity by the same threat state actor was found on April 29. Salter says all public servants were then directed to change their password and enhance password strength.
On May 6, another incident occurred, Salter shared, saying the Cyber Centre believes the series of incidents by the same state actor were also working to cover their tracks, increasing the complexity of the investigation.
However, Salter and the BCPS were unable to comment or confirm what or who the state actor or state-sponsored actor is believed to be. They also did not share specifically how many incidents occurred.
Speaking with reporters Friday, Public Safety Minister and Solicitor General Mike Farnworth did not say what exactly the attackers were after, though he notes there have been no request for ransom or a payout.
“This is not a ransomware attack from what we have been advised. This has been a very sophisticated attempted attack incident, and one of the things that has given that is cyber experts have told us is the way in which they tried to cover up their tracks,” he said.
“What I can tell you is it became evident to the technical experts within government and through the Canadian Centre for Cyber Security, as well as the private sector, Microsoft, detection and response team, that what they were seeing while investigating … that this was a very sophisticated operation.”
“It is the world we live in. We know that data information and accessing government information systems is something that is a reality and that’s why it’s important that government takes this seriously, makes it a priority,” Farnworth added.
He says the government will do a full review of the cyberattack — after they finish dealing with it.
“Ensuring the systems are secure, determining what kind of activity, what kind of cyber-intrusion is underway — if you give that information out, or say there’s been an intrusion or attack, before that work is done, what you end up doing is leaving the system open for even greater compromise and even greater intrusion.”
-With files from Robyn Crawford and Kier Junos.
