Hackers Exploit Microsoft Flaw to Breach Canadian House of Commons to Gain Unauthorized Access

The Canadian House of Commons has fallen victim to a significant cyberattack orchestrated by an unidentified “threat actor” who successfully exploited a recent Microsoft vulnerability to access sensitive government employee data.

The incident, which occurred on Friday, August 9, 2025, represents one of the most serious cybersecurity breaches to affect Canada’s parliamentary system in recent years.

Breach Details and Compromised Information

The cyberattack involved the exploitation of a Microsoft SharePoint vulnerability, likely CVE-2025-53770, which has been actively exploited by threat actors worldwide since mid-July 2025.

The malicious actor gained unauthorized access to a database containing information used to manage computers and mobile devices within the House of Commons infrastructure.

Key compromised information includes:

  • Employee names and job titles.
  • Office locations and email addresses.
  • House of Commons-managed computer details.
  • Mobile device information and specifications.
  • Internal system configuration data.

According to internal communications obtained by CBC News, staff members and parliamentarians were alerted to the breach on Monday, August 12, through an internal email warning of potential follow-up attacks using the stolen information.

The vulnerability exploited in this attack is part of a critical chain of SharePoint vulnerabilities that have been actively targeted by multiple threat actors.

CVE-2025-53770, along with related vulnerabilities CVE-2025-49704 and CVE-2025-49706, allows unauthenticated remote code execution through advanced deserialization techniques and ViewState abuse.

These vulnerabilities have been particularly concerning because they enable attackers to bypass authentication controls, including multi-factor authentication and single sign-on systems.

Government Response and Investigation

Canada’s Communications Security Establishment (CSE), the nation’s cybersecurity agency, is actively investigating the incident in collaboration with the House of Commons.

A CSE spokesman confirmed awareness of the incident but emphasized the complexity of attribution in cyber incidents, stating that “investigating cyber threat activity takes resources and time, and there are many considerations involved in the process of attributing malicious cyber activity.”

The House of Commons has implemented immediate response measures, working closely with national security partners while maintaining operational secrecy regarding specific details of the investigation.

Officials have declined to disclose the exact number of affected employees or provide additional technical details, citing the ongoing nature of the probe.

In response to the breach, the House of Commons issued warnings to all employees and parliamentarians to exercise heightened vigilance against potential scams and impersonation attempts using the stolen information.

The internal communication specifically cautioned that the compromised data could be weaponized to target and impersonate parliamentarians or facilitate sophisticated social engineering attacks.

Broader Cybersecurity Threat Landscape

This attack occurs within a rapidly evolving cybersecurity threat environment facing Canada.

The recent National Cyber Threat Assessment 2025-2026 released by the Canadian Centre for Cyber Security identifies a “sharp increase in both the number and severity of cyber incidents” over the past two years.

The assessment specifically highlights China as presenting “the most sophisticated and active cyber threat to Canada,” noting that over the past four years, at least 20 networks associated with Government of Canada agencies and departments have been compromised by People’s Republic of China threat actors.

The Microsoft SharePoint vulnerabilities exploited in this attack have been the subject of intense international concern.

Multiple cybersecurity agencies, including the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and various international partners, have issued urgent alerts regarding active exploitation of these vulnerabilities.

The vulnerabilities have been linked to Chinese threat actors, including groups designated as “Linen Typhoon” and “Violet Typhoon,” who have been conducting widespread cyber espionage campaigns.

The threat landscape assessment indicates that state adversaries are becoming increasingly aggressive, with cybercriminals driven by profit “increasingly benefiting from new illicit business models to access malicious tools and are using artificial intelligence to enhance their capabilities”.

The report warns that Canada is considered a “valuable target” for both criminals and state adversaries seeking to disrupt critical systems and steal sensitive information.

This House of Commons breach underscores the critical importance of robust cybersecurity measures across all levels of Canadian government infrastructure, particularly as threat actors continue to evolve their tactics and exploit newly discovered vulnerabilities in widely used enterprise software platforms.

About Cybernoz

Security researcher and threat analyst with expertise in malware analysis and incident response.