Canada’s cyber authorities are warning that hacktivists are increasingly targeting internet-connected industrial systems after several recent incidents disrupted operations at utilities and small businesses across the country.

The Canadian Centre for Cyber Security said this week that, together with the Royal Canadian Mounted Police, it has investigated multiple cases involving compromised industrial control systems (ICS).

In one case, intruders changed the water pressure at a local utility, disrupting service for residents. In another, they tampered with an automated tank gauge at an oil and gas company, setting off false alarms. And at a farm, attackers altered the temperature and humidity in a grain-drying silo, creating dangerous conditions before workers intervened.

The Canadian authorities did not specify why they labeled the attackers “hacktivists” — a term for threat actors who hack for publicity rather than toward geopolitical or financial goals. The alert did not attribute the incidents to a specific group.

Such intrusions are often opportunistic, the alert noted.

“Exposed ICS components pose significant risks to organizations, their clients, and the broader Canadian public,” the Cyber Centre said.

Canada’s warning follows a global uptick in hacktivist activity against critical infrastructure. 

In late 2023, the Russian government-aligned group known as the Cyber Army of Russia Reborn (CARR) claimed to have attacked the industrial control systems of multiple U.S. and European critical infrastructure targets.

In January 2024, the group took responsibility for overflowing water storage tanks in Texas, resulting in the loss of tens of thousands of gallons of water. CARR also claimed to have compromised the SCADA system of a U.S. energy company, gaining control over alarms and pumps for its tanks.

In June, the U.S. State Department accused Iranians allegedly affiliated with a group known as CyberAv3ngers of targeting critical infrastructure with malware designed to compromise industrial control systems.

Not all claimed intrusions are real — in one case, pro-Russian hacktivists boasted of breaching a Dutch water facility, only for researchers to reveal it was a decoy system set up to monitor attackers’ behavior.

The Royal Canadian Mounted Police did not respond to requests for comment. Canada’s cyber agency warned that many smaller utilities, farms, and manufacturers continue to run poorly secured internet-connected systems, leaving them vulnerable to opportunistic attacks.