Canada's House of Commons has been hit by a cyber attack, believed to be the result of a recently-exploited Microsoft SharePoint zero-day.
According to an email sent to staff and shared with CBC News, the event took place last Friday. The hackers gained access to a database containing information used to manage computers and mobile devices, much of which is not available to the public.
This includes employees' names, job titles, office locations, and email addresses, as well as information regarding their House of Commons-managed computers and mobile devices.
As of yet, no group has claimed responsibility for the House of Commons attack, but it's widely tipped to have been the work of Salt Typhoon, the Chinese state-linked advanced persistent threat (APT) group.
According to a national cyber threat assessment from the Canadian Centre for Cyber Security, at least 20 networks associated with Canadian government agencies and departments have been compromised by China-linked threat actors over the last four years.
At present, there's no concrete information on how many employees have been affected by the breach, though the House of Commons is carrying out an investigation.
The email to staff warned them to be on the lookout for scammers using the stolen data for phishing attempts.
This is a common tactic used by threat actors in the wake of data breaches, according to Javvad Malik, lead security awareness advocate at KnowBe4.
"The stolen data can be weaponized for tailored phishing and impersonation against officials. Staff will likely receive convincing emails, texts, and calls leveraging the job and device details that have been stolen," he said.
"Priority should be given to provide clear guidance and strict verification for requests along with a strong reporting culture so that people can work together to help secure the organization."
Speculation over source of the breach is mounting
Speculation over the source of the breach has been mounting since disclosure, with suggestions it could have been a result of a recent SharePoint vulnerability.
Andrew Costis, engineering manager of the Adversary Research Team at AttackIQ, noted that the breach came “shortly after Microsoft issued an alert regarding a SharePoint zero day”.
The SharePoint flaw, tracked as CVE-2025-53770, has a CVSS score of 9.8, Costis added. First discovered in May, Microsoft warned late last month that an exploit exists in the wild.
It allows malicious actors to gain unauthorized access to organizations’ infrastructure using remote code execution (RCE), which in turn gives them access to all SharePoint content, including internal configurations and file systems.
"In recent weeks, vulnerabilities in Microsoft platforms like Exchange and SharePoint have led to data breaches at several major organizations, including Google and the US Department of Health and Human Services," said Costis.
"Reports indicate that ransomware groups, such as Salt Typhoon and Warlock, have exploited these vulnerabilities to attack nearly 400 organizations."
Make sure to follow ITPro on Google News to keep tabs on all our latest news, analysis, and reviews.
MORE FROM ITPRO
-
The pros and cons of AI coding in ITIn-depth Businesses must weigh up the benefits, challenges, and key considerations when using generative AI coding tools
-
Huawei is supporting businesses when it comes to strategic AI adoptionThe lessons of digital and intelligent transformation, with help from partners like Huawei, can offer a roadmap for how to implement AI
-
A malicious MCP server is silently stealing user emailsNews Koi Security says it's discovered the first malicious MCP server in the wild, exposing a risk to the entire ecosystem
-
NCA confirms arrest after airport cyber disruptionNews Disruption is easing across Europe following the ransomware incident
-
Cyber skills shortages are pushing firms into dangerous shortcuts – and it’s putting them at huge risk of security breachesNews Chronic cyber skills shortages mean many businesses are implementing quick fixes
-
Pentesters are now a CISOs best friend as critical vulnerabilities skyrocketNews Attack surfaces are expanding rapidly, but pentesters are here to save the day
-
Hackers are disguising malware as ChatGPT, Microsoft Office, and Google Drive to dupe workersNews Beware of downloading applications like ChatGPT, Microsoft Office applications, and Google Drive through search engines
-
Generative AI attacks are accelerating at an alarming rateNews Two new reports from Gartner highlight the new AI-related pressures companies face, and the tools they are using to counter them
-
A terrifying Microsoft flaw could’ve allowed hackers to compromise ‘every Entra ID tenant in the world’News The Entra ID vulnerability could have allowed full access to virtually all Azure customer accounts
-
‘Channel their curiosity into something meaningful’: Cyber expert warns an uptick of youth hackers should be a ‘wake-up call’ after teens charged over TfL attackNews Encouraging youths to engage in positive tech initiatives will guide them down the right path and away from nefarious activities
