This Canada Day, while the country celebrates its national pride, cybercriminals launched a widespread phishing campaign targeting key sectors across Canada. The attack, observed early this morning, focused on industries critical to the nation’s infrastructure, including construction engineering, energy, plumbing, and public utilities. Over 900 users globally submitted their credentials, with nearly 300 confirmed victims based in Canada—including personnel from critical infrastructure, municipal services, and private contractors.
Canada’s Most Targeted Cities (July 1, 2025)
Our cyber radar picked up intense activity across key urban centers:
- Montreal – 184 attacks
- Toronto – 154 attacks
- Varennes – 26 attacks
- Ottawa & Quebec City – 33 each
Sector Breakdown of Impacted Users
- Construction & Engineering Firms: Companies responsible for national and regional development projects
- Energy Providers: Personnel tied to power generation and distribution
- Plumbing and HVAC Services: SMEs that maintain operational capacity across buildings and public facilities
- Infrastructure Contractors: Including municipal transit and public works vendors
Implications
This attack presents a significant threat to national stability and operational continuity. Credential compromise in these sectors may lead to:
- Unauthorized access to internal systems
- Disruption of service delivery and maintenance operations
- Potential staging for ransomware, supply chain compromise, or surveillance
CyberArmor Response & Recommendations
CyberArmor has shared indicators of compromise (IOCs) with national CSIRTs and key partners, and is providing direct support to impacted organizations.
We recommend the following immediate actions:
Enforce MFA across all user accounts
Review logs for unusual access patterns
Review logs for unusual access patterns
Reset passwords for accounts associated with compromised domains
Educate personnel on phishing indicators and reporting procedures
Deploy phishing-resistant authentication and outbound link scanning
Conclusion
This campaign serves as a reminder that nationwide holidays do not deter adversaries—they exploit them. CyberArmor remains committed to defending Canada’s infrastructure by identifying, analyzing, and mitigating emerging cyber threats in real time.
