The Communications Security Establishment complex in Ottawa in October, 2013. The agency says it collected foreign intelligence on the criminals involved in brokering fentanyl ingredients.Sean Kilpatrick/The Canadian Press
Canada’s electronic eavesdropping agency conducted cyberattacks to disrupt the activities of online foreign criminals who were brokering the purchase and sale of precursor chemicals used to make the opioid fentanyl, according to its latest annual report.
It’s part of an increased workload at the rapidly growing Communications Security Establishment, which collects foreign intelligence, safeguards federal government infrastructure from cyberattacks and uses technology to disrupt adversaries, when authorized.
CSE chief Caroline Xavier in the 2025-26 annual report, released Monday, said her organization, one of Canada’s main spy agencies, is entering a period of “sustained expansion and transformation” and that its work force grew by more than 8 per cent last year to 4,178 people.
The agency’s budget will surpass $2-billion in 2026–27, according to the Main Estimates tabled in Parliament in February, up from just over $1-billion in 2024–25.
The CSE’s latest report said it also stepped up its intelligence and cyberdefence work in the Arctic this year, citing growing interest in the region from Russia and China, “extending beyond traditional military and cyberthreats to include economic and influence-related activities that seek to shape access, infrastructure, and decision-making in the region.”
Fentanyl precursors are seen in a pill press.Andrew Kelly/Reuters
It said sensors it had previously installed in government computer infrastructure in Yukon, the Northwest Territories and Nunavut in 2024–25 are helping “detect malicious cyber activity in devices.”
Bill Robinson, an expert on Canadian signals intelligence and a research fellow at the University of Toronto’s Citizen Lab, said that, during the Cold War, the CSE specialized in intercepting communication signals in the Arctic, through listening posts in Masset on Haida Gwaii; Gander, N.L.; Canadian Forces Station Leitrim outside Ottawa; and Canadian Forces Station Alert on Ellesmere Island. Those are still active today.
He said the CSE, like the Department of National Defence, the RCMP and the Canada Border Services Agency, was mostly shielded from Ottawa’s 2025 spending reduction exercise where federal departments had to cut 15 per cent of their budget over three years. Instead, it was required to cut 2 per cent.
“As with military spending, the Carney government has turned its budget fire hose on the Communications Security Establishment and is drenching the agency in money,” Mr. Robinson said.
Over the years, Ottawa has formally granted the CSE more authority. Its original task was foreign signals intelligence – intercepting others’ conversations or data – and later it was tasked with protecting Ottawa’s communications through cryptography and cybersecurity.
How the 'discovery' of fentanyl changed North America
In 2001, its ability to provide assistance to federal law enforcement and security agencies was formalized in law, and in 2019, it was given authority to conduct defensive and active, or offensive, cyberoperations – including going into foreign computer systems to disrupt threats to Canada or advance Canadian interests.
“CSE is seen as the darling of the national security community because of its capabilities,” Stephanie Carvin, an associate professor and national-security expert at Carleton University, said. “We don’t often think of Canada as having powerful foreign intelligence capabilities, but the CSE is extremely capable and a well-respected organization.”
The CSE annual report said the agency’s intelligence gathering in 2025-26 supported Canada and allies “to list and enforce sanctions against Russia, including identifying entities that the Russian government is using to circumvent international sanctions.”
It also backed efforts by Canada and partners to “identify and counter People’s Republic of China state-sponsored cyberespionage.”
On the fentanyl brokers, the CSE said it collected foreign intelligence on the criminals involved and then conducted an active cyberoperation – disruptive hacking – against them that the agency says, “disrupted and diminished their ability to operate.” The CSE says it also supported law enforcement as part of the effort.
Drug-overdose deaths are falling across Canada. Why is Edmonton an exception?
The CSE’s active cyberoperations must be authorized by the Minister of National Defence. The Minister of Foreign Affairs must also consent. The report said the CSE had three authorizations to conduct active cyberoperations in 2025–26, the same number as the year prior.
The annual report does not identify the fentanyl brokers, their country of origin or the specific techniques that the CSE used to disrupt their activities.
Prof. Carvin said the CSE’s attack on the fentanyl brokers could have targeted their ability to pay – including seizing or locking their digital assets such as cryptocurrency wallets - or hacked the fentanyl brokers’ communications, among other disruptive actions.
Canada has been under pressure from U.S. President Donald Trump’s administration since early 2025 to crack down on fentanyl production and distribution. Mr. Trump used fentanyl as justification for tariffs on Canada that started at 25 per cent and rose to 35 per cent, before the U.S. Supreme Court struck them down in February as exceeding presidential authority.
It is the first time the CSE has publicly described a completed offensive cyberoperation targeting the fentanyl supply chain in its annual report. The agency’s annual report for 2024-25 had said the CSE had “developed new campaigns” to identify and disrupt transnational criminal networks responsible for fentanyl and synthetic opioid supply chains, but stopped short of describing any executed operation.
The CSE also says in its latest annual report that it took concurrent action against 10 of the most significant ransomware groups causing harm to Canada and its allies. And working with Five Eyes security and intelligence partners and law enforcement, it conducted an active cyberoperation against a specific ransomware-as-a-service group responsible for more than 25 incidents against Canadian organizations in the transportation, health care, pharmaceutical and business sectors. The CSE said the operation rendered the group’s infrastructure inoperable and deleted a large amount of stolen data the group had advertised for sale on the dark web.
The expansion of the CSE is not just in budget and personnel. Defence Construction Canada, a Crown corporation that builds defence infrastructure, last fall issued a procurement notice for a new building at the CSE’s Ottawa headquarters – designated “CSE New Building 8” – estimated to cost between $150-million and $300-million.
It would be a “self-contained, purpose-built extension, which will be physically integrated” into the existing building infrastructure, DCC said. “This building will serve as an extension of current operations, providing additional space to support business growth and specialized functions.”