Canada goosed as attackers shutter hospitals and China deepfakes its politicians

Cybercriminals have Canada in the crosshairs, with five Ontario hospitals and a fresh Spamoflague disinformation campaign targeting "dozens" of Canadian government officials, including the PM.

The cyberattack against five southern Ontario hospitals has shut down IT systems, forcing them to cancel patient appointments over "the next few days," according to service provider TransForm. The statement said it was investigating whether any patient data was accessed during the incident, but couldn't say for sure yet.

On Monday, the services org posted an alert saying that its member hospitals and Windsor-Essex Hospice were experiencing a systems outage, which included email. "If your patients have a pre-booked appointment, please be advised they might be delayed or postponed," the notice said. 

Later that same day, TransForm provided an update on the hospitals' technical issues, and said it "determined that our member hospitals are experiencing a cyberattack." The intrusion, was affecting patient care "in various ways," according to Transform and the five member hospitals, which all posted the same alert on their websites.

The company spokesperson did not respond to The Register's inquiries about the security snafu.

TransForm is a nonprofit founded by the five — Windsor Regional Hospital, Erie Shores HealthCare, Hôtel-Dieu Grace Healthcare, Bluewater Health, and the Chatham-Kent Health Alliance — to manage their IT, supply chain, and accounts payable services. TransForm transmits one million patient-related messages each day and manages 10,000 devices, according to its website.

Spamouflage trolls PMs

Meanwhile, also on Monday the Canadian government reported that a disinformation campaign dubbed Spamouflage, apparently connected to the People's Republic of China, has been spamming government officials' Facebook and X (formerly Twitter) accounts since early August.

Spamouflage, also known as Dragonbridge, is the PCR's troll farm that Meta has linked to 7,704 Facebook accounts, 954 Facebook pages, 15 groups on the social network and 15 Instagram accounts, as well as over 50 other platforms, including X of course.

While most of the crew's work is decidedly spammy (beauty advice, cooking tips, and bot comments on others' social media accounts), some of its efforts have garnered more attention. This includes fake news stories ahead of the 2022 US midterm elections and trolling rare-earth mining companies, which prompted a Pentagon response.

• LockBit: Sorry about the SickKids ransomware, not sorry about the rest
• US-Canada water org confirms 'cybersecurity incident' after ransomware crew threatens leak
• Let's play a game: Deepfake news anchor or a real person?
• Meta reckons China's troll farms could learn proper OpSec from Russia's fake news crews

More recently, the trolls have moved into pretty convincing deepfake news videos.

According to Global Affairs Canada, the Spamouflage campaign against politicians of all political stripes started in early August and accelerated over September's Labour Day long-weekend. The government said "thousands of comments" in English and French on Canadian Members of Parliaments' (MPs) Facebook and X accounts.

This included "dozens" of politicians from both parties and across all regions: Prime Minister Justin Trudeau, the Conservative-party leader of the Official Opposition Pierre Poilievre, and several members of Cabinet.

"These spam comments claimed that a critic of the Chinese Communist Party (CCP) in Canada had accused the various MPs of criminal and ethical violations," the government statement said.

"The Spamouflage campaign also included the use of likely 'deepfake' videos, which are digitally modified by artificial intelligence, targeting the individual."

Government officials notified the social media platforms, which then removed much of the spam, we're told. Not that new accounts won't be created; this kind of garbage is becoming a global problem, not just one confined to the Great White North. ®