Chinese cybercriminals are finding success using social engineering attacks to easily compromise companies, with an increased focus on universities, financial institutions, defense contractors, and critical infrastructure. Likely state-sponsored cyberattackers were able to breach the Canadian National Research Council, searching around for scientific research information and possible trade secrets.
A spear-phishing attack, with the email including an attached piece of malicious code, found its way onto the organization's network. The Canadian government didn't disclose what type of information could have been compromised from the breach, which took place earlier in 2014.
It is also unclear as to whether any personal information has been compromised," said Tobi Cohen, a privacy commissioner spokeswoman, as noted by the CBC. "We are satisfied that the organization took appropriate steps to notify employees and other parties about the cyber-intrusion and that efforts are underway to update [information technology] systems and security procedures to prevent this from happening again."