Canada’s National Research Council has written to partner companies informing them of a breach of its cybersecurity systems.
The breach was originally detected by Canada’s foreign signals intelligence service, the Communications Security Establishment (CSEC).
The NRC is the Canadian government’s research and technology organization, which works with academic and commercial clients to advance research projects, in areas of strategic and economic importance for Canada.
Suzanne Legault, Canada’s information commissioner, issued a statement accusing “a highly sophisticated Chinese state-sponsored actor” of the attack. The Chinese embassy in Canada denied the allegation.
The NRC said that the breach prompted it to “secure its information holdings” and to notify the Federal Privacy Commissioner. The Council also warned that it would take a year to create a new, secure IT infrastructure to prevent further attacks.