Canada’s intelligence agency, the Canadian Security Intelligence Service (CSIS), has revealed that it used a special court-approved warrant to remove malware from infected devices across the country. According to a newly released Federal Court ruling, this is the first time CSIS has used its threat reduction powers in this way. The operation targeted two botnets that were being operated by foreign adversaries and posed a risk to Canada’s national security.

The infected devices included servers, home and office routers, and various Internet of Things (IoT) devices such as security cameras, smart televisions, and internet-connected doorbells. These devices had been secretly compromised with malware and were being used as part of larger botnets. The malware allowed threat actors to control the devices remotely without the owners’ knowledge.

A botnet is a collection of infected devices that can be controlled by attackers to carry out malicious activities. In this case, the botnets were allegedly being used to disguise cyber operations and make malicious traffic appear as if it originated from ordinary Canadian internet users. This allowed foreign actors to hide their identities while conducting cyber activities.

Court documents show that the infected devices could be used as stepping stones to access critical infrastructure, government systems, and military networks. Officials warned that the botnets posed an imminent threat because they could be directed to probe, attack, or potentially disrupt important Canadian services. The energy sector was specifically identified as one of the possible targets.

CSIS required judicial authorization because the actions needed to neutralize the botnets could otherwise have violated Canadian criminal laws. Accessing and modifying data on someone else’s device would normally be considered an offence. The agency therefore sought a warrant that would legally allow it to alter, degrade, and destroy botnet-related data on infected systems.

Justice Catherine Kane approved the original warrant on May 1, 2024, and later renewed it for an additional 120 days. While the operation itself took place more than two years ago, the court only recently released a redacted public version of the ruling. Confidential reasons for the decision were issued earlier in 2026 before being partially disclosed to the public.

The court concluded that the threat to Canada’s security was clearly established and that the measures proposed by CSIS were necessary, reasonable, and proportional. Importantly, the ruling emphasized that the operation targeted devices rather than people. No personal identities, communications, or private content were collected, and any incidental personal information was required to be destroyed.

Cybersecurity experts note that similar botnet disruption efforts have previously been carried out in the United States by law enforcement agencies. However, Canada’s case is unique because it involved an intelligence agency using threat reduction powers rather than traditional law enforcement authorities. The decision marks a significant development in how governments may respond to cyber threats that exploit vulnerable internet-connected devices and critical infrastructure.
Stay alert, and keep your security measures updated!