VYPR
cyberwarfarePublished Jun 30, 2026· 1 source

Russian Hackers Claim Attack on Quebec Water Utility, Raising National Security Concerns

Canada's Communications Security Establishment has revealed that Russian hackers claimed to have infiltrated a Quebec municipality's water utility, potentially gaining control of critical operational technology systems.

Canada's Communications Security Establishment (CSE), the nation's signals intelligence agency, has issued a renewed warning to the country's water sector, disclosing for the first time that Russian hackers targeted operational technology (OT) systems at a Quebec municipality's water utility last year. The revelation comes from the CSE's latest annual report, which detailed an online claim of responsibility made by the Russian hacker group NoName057(16) on October 7.

According to information relayed by CSIRTAmericas, a multi-national incident response clearing house affiliated with the Organization of American States, NoName claimed unauthorized access to the water treatment plant. The hackers asserted they had achieved the ability to "covertly control pumps, chlorine dosing, pressure settings and monitoring/alerts systems." The CSE report does not confirm the accuracy of these claims, noting that Russian hacktivist groups frequently exaggerate their operational successes as part of broader information warfare campaigns.

While the specific municipality targeted was not identified in the report, and no technical details of the intrusion were provided, the alleged breach highlights the persistent threat posed by nation-state actors to critical infrastructure. A CSE spokesperson stated that the agency is unable to provide further information but emphasized the ongoing collaborative efforts with international partners to identify, assess, and mitigate cyber threats.

The incident underscores the significant challenges in defending Operational Technology (OT) environments, particularly within sectors that may still rely on rudimentary security measures. The fact that the utility did not independently detect the intrusion, as suggested by the report's context, points to the ongoing difficulties in securing these specialized industrial control systems.

NoName057(16) has been identified by U.S. authorities as a "covert project" linked to Russian state security. An indictment unsealed in December charged a Ukrainian national for her role in cyberattacks attributed to the group. Despite a takedown of NoName infrastructure by European authorities in July 2025, the group reportedly resumed operations shortly thereafter, demonstrating resilience and continued intent.

The U.S. Department of State has offered a substantial reward for information leading to the identification or location of NoName members, citing over 1,500 distributed denial-of-service attacks against various government, military, and critical infrastructure entities in Ukraine and NATO member states. These actions are seen as part of Russia's grey zone campaign against Ukraine's allies.

This incident follows previous warnings issued by the CSE to the water sector last year, including an October advisory concerning the risks to internet-exposed ICS and OT systems and a subsequent November warning about general cyber threats to water utilities. The renewed alert emphasizes the ongoing vigilance required to protect Canada's essential water infrastructure from sophisticated cyber adversaries.

Synthesized by Vypr AI