SecurityBrief Canada - Technology news for CISOs & cybersecurity decision-makers
Canada

Guides

#
cloud security
#
cybersecurity
#
endpoint protection
#
firewalls
#
ransomware

Search

Digital shield protecting canada map cybersecurity cyber threats illustration
#
Data Protection
#
Advanced Persistent Threat Protection
#
Cybersecurity

From North Korea to Telegram: Canadian cybercrime-as-a-service

Sat, 13th Sep 2025
Author image
By Jake MacAndrew, Editor

At Bell Canada's inaugural Cybersecurity Summit, Chris Lynam, Director General of the National Cybercrime Coordination Centre (NC3) and Canadian Anti-Fraud Centre, RCMP, said he hasn't seen any part of society not affected by the rise of cyberattacks in the country.

"Our country is under attack every day. Our economy is under attack every day. Our children's data is being stored. The social services that we rely on are being attacked," said Lynam. In 2025, cybercriminals have become businesspeople. It's called Cybercrime-as-a-Service (CaaS).

The government's National Cyber Threat Assessment for 2025/2026 stated that "with CaaS, specialised threat actors sell stolen and leaked data and ready-to-use malicious tools to other cybercriminals online, enabling their illicit activities." Services include Malware-as-a-Service, Ransomware-as-a-Service, and Phishing-as-a-Service, among others.

"Cyber criminals have figured out how to use AI…now, full game on, they have figured out how to use normal large language models and jail break them or figure out how to use them for nefarious purposes. They've also custom created their own models that are specifically designed to support cybercrime," said Lynam.

Lynam showcased a CaaS service, Lab Host, which his team took down Canadian operations of domestic users during Project NOVA this year. "Lab Host operated as a traffic crime as a service, or phishing as a service. What they offered was for a low monthly subscription of $179 or $249 for the premium package, it would allow a user to create very realistic login pages [of financial institutions]." Users could access this program through publicly available networks like Telegram. The Canadian channel had around 4,800 users.

"The evidence collected to date suggests close to one million Canadians were directly impacted by LabHost. An extensive amount of personal information, including sensitive banking credentials, was stolen and trafficked by criminal users of the platform," stated the Royal Canadian Mounted Police in a report on the project. 

Lynam expressed additional concern about the threat posed by foreign nationals as potential threat actors. The Canadian Centre for Cyber Security lists China, Russia, Iran, India and North Korea as countries with reported threat actors.

"North Korea, arguably the world's largest bank robbers. They also attack and go after cryptocurrency. As you know, they're in a highly sanctioned regime, so they need to generate revenue. So they figure out very innovative ways of doing that, including having state employees apply for jobs [Canadian] companies remotely, and some of them have been hired in this country."

In the U.S., a North Korean hacker was charged in Kansas City for ransomware attacks on hospitals and other healthcare providers. "North Korean hackers developed custom tools to target and extort U.S. health care providers and used their ill-gotten gains to fund a spree of hacks into government, technology, and defense entities worldwide, all while laundering money through China," said Assistant Attorney General Matthew G. Olsen of the Justice Department's National Security Division in a Department of Justice release.

According to the RCMP's Cyber/Fraud Related Losses Trend, Canadian financial institutions lost nearly $650 million in 2024 due to cyber-related crimes. Lynam says that this figure might only represent 10 per cent of the actual losses of that year. 

To combat the increasing number of innocent individuals becoming victims of these threats, the RCMP has launched campaigns to raise awareness about the increase in cyber threats as a Canadian business solution. Lynam said a recent Google ad campaign linked to anti-phishing material if a user searched for scamming tools online. 

"We had over 10,000 impressions. I think we had about 2,000 click-throughs [and] we had a capture rate of 11% it's actually pretty good," said Lynam. "Only at a cost of $2,200. So even if of that 10,000 if we just prevented one of those individuals, we think that's a pretty good return."

The RCMP will be launching a new online cybercrime reporting system. It is currently in beta testing, with the full operation expected to be available in the fourth quarter of this year.

Follow us on:
Follow us on LinkedIn Follow us on X
Share on:
Share on LinkedIn Share on X
Related stories
Barracuda unveils AI assistant to boost security team efficiency
Fortinet reports strong Q3 revenue growth & SASE adoption surge
Seven critical ChatGPT flaws expose users to data theft risks
Inside Harvey AI’s Toronto strategy with CBO John Haddock
Check Point scores 99.59% in top firewall security report by NSS

Top stories

Hexaware boosts cybersecurity with strategic CyberSolve acquisition
Avanade unveils suite of Microsoft-powered tools for midmarket firms
Forrester predicts AI errors to cost B2B firms over USD $10 billion
Ping Identity launches platform to secure & manage AI agents
Gigamon unveils quantum-safe cryptography in GigaVUE update