The CIA admits to using a cyberattack to disrupt Venezuela's computer network, coinciding with a rash of hacktivist attacks on Canadian critical infrastructure. 
2025 has been a big year for politically motivated cyber attacks. In June 2024, Ukraine’s Operation Spider Web captured global attention when their powerful, remotely ordered, drone reportedly caused $7 billion in damage to Russian aircraft. China’s infamous Salt Typhoon hack, which targeted the cellular metadata of almost all Americans, has caused serious discourse about national cybersecurity for defense in the midst of a growing cyber campaign sponsored by the country. Of course, China is not the only country that the US has considered a cyber threat; the 2025 Office of the Director of National Intelligence (ODNI) threat assessment named China alongside Russia, Iran, and North Korea, other countries that have considerable histories of targeting the US for political reasons.
This week, news about cyberattacks launched by the US against a foreign regime have come to light. The Central Intelligence Agency (CIA) quietly sent out a cyberattack against the Venezuelan government in the last year of Trump’s first term, 2020. The move was successful, effectively disabling the computer network supporting the administration led by Nicolás Maduro. Maduro has been Venezuela’s president since 2013, and continues to face allegations of being a dictator. He is also considered to be a crucial factor in the historical economic and political collapse that has forced millions of Venezuelans out of their homeland. On top of these issues, his socialist standing likely also made Maduro a person of interest to the US.
In his first term, Trump had asked the CIA to oust Maduro, even saying that “all options are on the table,” according to Jimmy Story, a leading US diplomat for relations to Venezuela between 2018 and 2023. Then, Trump had repeatedly requested a forceful means of removing Maduro from office. Leaders in the CIA and the Pentagon were reluctant and instead worked with the administration to support a political alternative - Juan Guaido. Though Guaido was officially recognized by other countries as Venezuela's new president in 2019, a rigged election essentially kept Maduro in control.
This failure inspired other covert actions - specifically more cyber attacks. The US Cyber Command (CYBERCOM), whose mission is “to direct, synchronize, and coordinate cyberspace planning and operations to defend and advance national interests in collaboration with domestic and international partners”, also disrupted the satellite communications used by the Wagner Group, a network of Russian mercenaries that were located in Venezuela at the time. CYBERCOM also considered taking a hydroelectric dam there offline, but decided not to follow through. Curiously enough, pro-Russian hackers did organize an attack on a Norwegian dam earlier this year, inspiring a policy brief from NATO on maritime port cybersecurity.
Now, in Trump’s second term, tensions between the US and Venezuela are again on the rise. The US has sent strikes on boats from Venezuela allegedly carrying drugs to the US, killing at least 27 “narcoterrorists” since September. Venezuela is alleging that the CIA attempted a false-flag attack on an American warship stationed at Trinidad and Tobago. Trump has hinted at plans to go further than boats and sending strikes on Venezuelan land against drug operations. Some suspect another coup to be on the way. His confirmation that CIA has received permission to conduct covert operations suggests that more attacks, cyber or physical, can be expected.
The US-backed cyberattacks against Venezuela are not the only politically-motivated cyberattacks that made it to the headlines this week. On October 29, 2025, the Canadian Centre for Cyber Security (Cyber Centre) released an alert after a series of incidents around organizations in Canadian critical infrastructure. The cited attacks included a disruption at a water facility, critically reducing water pressure, another attack on an oil and gas company, starting false alarms, and another on a grain drying silo that changed the temperature and humidity levels, which could have made the food unsafe.
The attacks were attributed to activists, also called ‘hacktivists’, aiming “to gain media attention, discredit organizations, and undermine Canada's reputation” by exploiting internet-accessible devices (ICS). According to Cyble, hacktivists are targeting critical infrastructure more than before, with their preferred attack styles being Distributed Denial of Service (DDoS), website defacements, attacks on industrial control systems, and data breaches. The political problems motivating the attacks were the Ukraine-Russia war, along with conflicts between Israel and Iran, India and Pakistan, Thailand and Cambodia, and Morocco and Algeria. Just earlier this month, global hacktivists worked together to launch 57 DDoS attacks in Israel on the second anniversary of the 2023 Hamas attacks.
As a response to the Canadian attacks, their Cyber Centre makes several suggestions for organization Chief Information Security Officers (CISO) and decision makers. The Centre recommends effective communication and collaboration around safety and security, coordinating across different levels of government, and using the The Cyber Security Readiness Goals (CRGs) as a minimum set of standard practices. Other advice is taking note of all ICS devices and increasing their security measures, such as using Virtual Private Networks (VPNs) with two-factor authentication, along with routinely practicing response plans to prepare for a cyber incident.
These recommendations are reliable advice for improving cybersecurity, and are worthwhile for anyone trying to prevent or at least limit the burden of a hacktivist attack as they become more and more impactful. In the case of another similar cyber incident, Canadians can report the event on the My Cyber Portal or by emailing contact@cyber.gc.ca.