Canada's House of Commons has been hit by a cyber attack, believed to be the result of a recently-exploited Microsoft SharePoint zero-day.
According to an email sent to staff and shared with CBC News, the event took place last Friday. The hackers gained access to a database containing information used to manage computers and mobile devices, much of which is not available to the public.
This includes employees' names, job titles, office locations, and email addresses, as well as information regarding their House of Commons-managed computers and mobile devices.
As of yet, no group has claimed responsibility for the House of Commons attack, but it's widely tipped to have been the work of Salt Typhoon, the Chinese state-linked advanced persistent threat (APT) group.
According to a national cyber threat assessment from the Canadian Centre for Cyber Security, at least 20 networks associated with Canadian government agencies and departments have been compromised by China-linked threat actors over the last four years.
At present, there's no concrete information on how many employees have been affected by the breach, though the House of Commons is carrying out an investigation.
The email to staff warned them to be on the lookout for scammers using the stolen data for phishing attempts.
This is a common tactic used by threat actors in the wake of data breaches, according to Javvad Malik, lead security awareness advocate at KnowBe4.
"The stolen data can be weaponized for tailored phishing and impersonation against officials. Staff will likely receive convincing emails, texts, and calls leveraging the job and device details that have been stolen," he said.
"Priority should be given to provide clear guidance and strict verification for requests along with a strong reporting culture so that people can work together to help secure the organization."
Speculation over source of the breach is mounting
Speculation over the source of the breach has been mounting since disclosure, with suggestions it could have been a result of a recent SharePoint vulnerability.
Andrew Costis, engineering manager of the Adversary Research Team at AttackIQ, noted that the breach came “shortly after Microsoft issued an alert regarding a SharePoint zero day”.
The SharePoint flaw, tracked as CVE-2025-53770, has a CVSS score of 9.8, Costis added. First discovered in May, Microsoft warned late last month that an exploit exists in the wild.
It allows malicious actors to gain unauthorized access to organizations’ infrastructure using remote code execution (RCE), which in turn gives them access to all SharePoint content, including internal configurations and file systems.
"In recent weeks, vulnerabilities in Microsoft platforms like Exchange and SharePoint have led to data breaches at several major organizations, including Google and the US Department of Health and Human Services," said Costis.
"Reports indicate that ransomware groups, such as Salt Typhoon and Warlock, have exploited these vulnerabilities to attack nearly 400 organizations."
Make sure to follow ITPro on Google News to keep tabs on all our latest news, analysis, and reviews.
MORE FROM ITPRO
-
Ransomware victims are taking a tougher stance on negotiating with hackersNews Enterprises are taking a tougher stance on ransomware hackers and refusing to pay up
-
Dell 32 Plus S3225QC monitor reviewReviews Superb image quality and silky smooth motion make a glorious combination – but it’s not a perfect productivity monitor
-
Identity security is more important than ever – here’s whyNews 78% of enterprises told Okta that controlling access and permissions for non-human identities is now their main identity security concern.
-
Average ransom payment doubles in a single quarterNews Targeted social engineering and data exfiltration have become the biggest tactics as three major ransomware groups dominate
-
BlackSuit ransomware gang taken down in latest law enforcement sting – but members have already formed a new groupNews The notorious gang has seen its servers taken down and bitcoin seized, but may have morphed into a new group called Chaos
-
MSPs beware – these two ransomware groups are ramping up attacks and have claimed hundreds of victimsNews The Akira and Lynx ransomware groups are focusing on small businesses and MSPs using stolen or purchased admin credentials
-
The UK’s ‘chronic shortage of cyber professionals’ is putting the country at riskNews While high-profile attacks grab headlines, a security researcher warns the UK's "chronic shortage of cyber professionals" is left unaddressed by government, industry, and academia.
-
Credential theft has surged 160% in 2025News AI-powered phishing and the growth of Malware as a Service means hackers are compromising more accounts than ever
-
US federal judiciary agency hit by 'escalated cyber attacks' which exposed highly sensitive dataNews The agency says it plans to step up cybersecurity capabilities in the wake of the incident
-
Nearly one-third of ransomware victims are hit multiple times, even after paying hackers
News Many ransomware victims are being hit more than once, largely thanks to fragmented security tactics
