Hackers linked to the Russian state succeeded in penetrating the computer servers of the City of Terrebonne, as part of a vast cyber espionage operation that reportedly affected 18,000 organizations around the world.
The municipality of 118,000 inhabitants used a tampered version of the Orion software from the American company SolarWinds for nearly five months.
Once infected, a Terrebonne server communicated with the hackers' server in August 2020.
There is no indication that they stole any information from it.
“The attack would have gone no further than installing spyware,” said spokesperson Marie-Ève Courchesne.
Montreal music broadcaster Stingray is in the same situation.
Again, the hackers do not seem to have exfiltrated anything, says the company's director of technology, Mario Dubois.
“It was a stressful Christmas,” he admits, however. Stingray had to rebuild the infected server and make sure the hack hadn’t done any damage.
In December, the United States accused Russia of being behind the attack on Orion, network management and computer security software used by no fewer than 33,000 organizations around the world.
Hackers installed a “backdoor” in Orion’s code, allowing them to gain access to infected networks. Half of the users are reportedly affected.
Most of them, however, are only “collateral victims”, the real targets being large US agencies, such as the State Department, Homeland Security and the National Institutes of Health.
“Terrebonne or Stingray, these are not really the kind of targets that the Russians or other officials were targeting, in my opinion,” said Patrick Mathieu, co-founder of Hackfest.
In Quebec, many public organizations use Orion, including several integrated health and social services centers.
The Ministry of Health did not detect “any malicious communication in connection with these attacks”, according to spokesperson Marie-Hélène Émond.
Several other clients come under Infrastructures Technologies Québec.
It is difficult to know the precise scope the attack may have had within that organization, since it refused to release any document whatsoever in response to our access-to-information request.
“For security reasons, we do not give any details about our actions and our strategies,” an unsigned email from the “communications department” simply states.