This Canada Day, while the country celebrates its national pride, cybercriminals launched a widespread phishing campaign targeting key sectors across Canada. The attack, observed early this morning, focused on industries critical to the nation’s infrastructure, including construction engineering, energy, plumbing, and public utilities. Over 900 users globally submitted their credentials, with nearly 300 confirmed victims based in Canada—including personnel from critical infrastructure, municipal services, and private contractors.
Canada’s Most Targeted Cities (July 1, 2025)
Our cyber radar picked up intense activity across key urban centers:
Sector Breakdown of Impacted Users
Implications
This attack presents a significant threat to national stability and operational continuity. Credential compromise in these sectors may lead to:
CyberArmor Response & Recommendations
CyberArmor has shared indicators of compromise (IOCs) with national CSIRTs and key partners, and is providing direct support to impacted organizations.
We recommend the following immediate actions:
Enforce MFA across all user accounts
Review logs for unusual access patterns
Review logs for unusual access patterns
Reset passwords for accounts associated with compromised domains
Educate personnel on phishing indicators and reporting procedures
Deploy phishing-resistant authentication and outbound link scanning
Conclusion
This campaign serves as a reminder that nationwide holidays do not deter adversaries—they exploit them. CyberArmor remains committed to defending Canada’s infrastructure by identifying, analyzing, and mitigating emerging cyber threats in real time.
Want to detect threats 8+ months earlier?
See how DarkArmor's PreBreach intelligence can protect your organization.
