Pulse Detail — Threat Intelligence

PULSE NAME

Canadian Government Ransomware - ALPHV/BlackCat + LockBit (CCCS Advisory) Critical Infrastructure - DugganUSA

WHITE pduggusa 2025-11-30 Modified: 2025-12-30

IOCs

LOW VOLUME

Canadian-focused ransomware threats. CCCS National Cyber Threat Assessment 2025-2026: Ransomware is top cybercrime threat to Canada's critical infrastructure. CSE countered top 10 ransomware groups, issued 336 pre-ransomware notifications to 309 Canadian orgs (74-148 incidents averted, $6-18M saved). Chinese hackers breached 20+ Canadian govt networks. STIX: analytics.dugganusa.com/api/v1/stix-feed

MITRE ATT&CK & Malware Families

ATT&CK TECHNIQUES

T1566.001 T1190 T1078 T1059.001 T1486 T1021.001 T1003 T1567

MALWARE FAMILIES

ALPHV BlackCat LockBit

Indicators of Compromise (8)

All domain hostname FileHash-SHA256

TYPE	INDICATOR	DESCRIPTION	CREATED
domain	fleetdeck.io	Legitimate service abused - CCCS	2025-11-30
domain	gofile.io	File sharing abuse - CCCS	2025-11-30
domain	storjshare.io	Cloud storage abuse - CCCS	2025-11-30
domain	privacy.sexy	Privacy tool abuse - CCCS	2025-11-30
hostname	2uee6idu7qoaqdata000.blob.core.windows.net	Data staging - CCCS	2025-11-30
FileHash-SHA256	140bcad5397858a7fa35a79dba4cd83decd4ae2927a22983218b3a0efebd8b9e	CCCS Advisory	2025-11-30
FileHash-SHA256	1c2fbab9c849db1e8d8f26d217a7434aad3cab45b6f3c6c2de81b548220779fd	CCCS Advisory	2025-11-30
FileHash-SHA256	20529bcdc538cc28303300bab95b9daeb07264cf7ccdef837f87e26ea2a4f23f	CCCS Advisory	2025-11-30

References (5)

↗ https://www.cyber.gc.ca/en/alerts-advisories/alphvblackcat-ransomware-targeting-canadian-industries ↗ https://www.cyber.gc.ca/en/guidance/national-cyber-threat-assessment-2025-2026 ↗ https://www.canada.ca/en/communications-security/news/2025/11/backgrounder-malicious-cyber-activity-targeting-canadian-critical-infrastructure.html ↗ https://analytics.dugganusa.com/api/v1/stix-feed ↗ https://www.dugganusa.com