Hackers reportedly compromise Canadian House of Commons through Microsoft vulnerability
Hackers compromised data from Canada’s House of Commons in a cyberattack exploiting a recent Microsoft vulnerability, according to a report from CBC News.
Staff were alerted to the data breach on Monday, as CBC News reported based on an internal email that explained the threat actor had accessed a database “containing information used to manage computers and mobile devices.”
It is not clear what the affected database was, or if it gave them access to sensitive information or House of Commons devices.
Data compromised by the threat actor includes “employees' names, job titles, office locations and email addresses, as well as information regarding their House of Commons-managed computers and mobile devices,” according to CBC News.
The specific vulnerability that allowed the attackers to break into the House of Commons network was not disclosed. It follows shortly after Microsoft issued an urgent alert after threat actors were discovered exploiting a zero-day vulnerability in on-premise SharePoint servers.
According to the internal email, the attack took place on Friday. The message implores staff at the House of Commons, alongside its elected members, to be vigilant to scams and follow-on malicious activities following the data breach. It does not indicate who may have been behind the attack.
Canada's Communications Security Establishment has repeatedly warned about the cyber threat facing the country from state actors, including China, Russia and Iran, as well as financially-motivated groups. The Canadian Centre for Cyber Security said last year that Chinese government-backed hackers had compromised at least 20 Canadian government networks since 2020.
The House of Commons did not respond immediately to a request for comment. It told CBC News that it was working with the country’s national security agencies to respond to the breach, but declined to share additional information due to the ongoing investigation.
Alexander Martin
is the UK Editor for Recorded Future News. He was previously a technology reporter for Sky News and is also a fellow at the European Cyber Conflict Research Initiative.