Statement from the Minister of National Defence on Apache Vulnerability and Call to Canadian Organizations to Take Urgent Action

The Government of Canada Is aware of an Apache product vulnerability, which has the potential to be used by bad actors in limited and targeted attacks.

The Canadian Centre for Cyber Security (Cyber Centre), part of the Communications Security Establishment, is calling on Canadian organizations of all types to pay attention to this critical, internet vulnerability affecting organizations across the globe. The Cyber Centre published an Alert regarding this issue on December 10th, 2021. The Alert provides technical guidance that requires immediate attention.

Given the critical nature of this vulnerability and reports of active exploitation, we are urging Canadian organizations of all types to follow the recommended guidance and report any incidents to the Cyber Centre as soon as possible. If your organization depends on a third-party service provider, please engage the vendor immediately to inquire about the action they are taking.

As always, please note that good cyber hygiene is critical in minimizing the impact of these kinds of vulnerabilities. Visit Cyber.gc.ca to learn more.

The Government of Canada has systems and tools in place to monitor, detect and investigate potential threats, and takes active measures as required. Out of an abundance of caution, some departments have taken their services offline while any potential vulnerabilities are assessed and mitigated. At this point, we have no indication these vulnerabilities have been exploited on government servers.

The Government is continuously working to enhance cyber security by identifying cyber threats and vulnerabilities, and by preparing for and responding to all types of cyber incidents to better protect Canada and Canadians.

The Honourable Anita Anand
Minister of National Defence

Date modified: