Canada’s House of Commons revealed on Monday it was the victim of a cyberattack – suspected to be the work of the same China-linked hackers responsible for the recent rash of SharePoint zero-day attacks.
In an internal email seen by the CBC News, house officials said an employee database had been targeted by the unnamed “threat actor.”
Employee information was said to include names, job titles, office locations and email addresses, as well as information regarding their House of Commons-managed computers and mobile devices, the CBC reports.
Located on Parliament Hill in Ottawa, the nation’s capital, the House of Commons is part of the government’s legislative branch, with its main role to introduce, debate, and pass bills.
There are close to 2500 employees serving the Parliament’s 343 members (MPs), according to the IPU Parline website. It's unclear how many employees may have been affected or if the private data of any Canadian lawmakers was additionally exposed in the hack.
Canada's Communications Security Establishment (CSE) said it was aware of the incident and is working with the House of Commons to provide support, the news outlet said.
Sharepoint zero-day suspected
Investigators say the hackers, which breached the system on Friday, August 8th, gained access to the House of Commons network by exploiting a vulnerability in a an unnamed Microsoft system.
“While it’s unknown exactly which vulnerability was exploited, the breach came shortly after Microsoft issued an alert regarding a SharePoint zero-day having been observed to be exploited in the wild, said Andrew Costis, Engineering Manager of the Adversary Research Team at AttackIQ.
Although officials have not released the threat actor's identity, a rash of SharePoint attacks impacting hundreds of organizations worldwide has been blamed on several Chinese nation-state actors, including the notorious Salt Typhoon (Storm-2603).
“Reports indicate that ransomware groups, such as Salt Typhoon and Warlock, have exploited these vulnerabilities to attack nearly 400 organizations,” Costis said. Thousands more vulnerable organizations are expected to be impacted.
Costis further explains that “in recent weeks, vulnerabilities in Microsoft platforms like Exchange and SharePoint have led to data breaches at several major organizations, including Google and the US Department of Health and Human Services.”
Microsoft discovered the flaw in May, admitting last month that its initial patch for the critical SharePoint zero-day had failed. The tech giant has since released an emergency working fix.
Earlier this summer, the Canadian Center for Cyber Security (CCCS) identified Salt Typhoon as the group behind a recent campaign targeting several Canadian telecommunications companies, successfully breaching an unnamed telecom in February.
Canadian Security Intelligence Service released a scathing report on foreign interference in Canada with ringing the alarm on China who is all but running free in Canada and not even a single MSM article focusing on it.
undefined Kirk Lubimov (@KirkLubimov) June 20, 2025
The propaganda and censorship level in Canada is something. pic.twitter.com/KjeTx9q1XY
A 2025-2026 CCCS threat report cited China as “the most sophisticated and active cyber threat to Canada.”
“Over the past four years, at least 20 networks associated with Government of Canada agencies and departments have been compromised by PRC cyber threat actors,” the report states.
“For governing bodies like the Canadian House of Commons, proactive measures are vital for keeping sensitive data secure, said Costis, suggesting municipalties implement adversarial emulation tactics for the various ransomware gangs that have exploited the SharePoint and Exchange vulnerabilities.
This would “aid in testing security defenses against common attack techniques in order to prevent any future breaches” Costis said.
Your email address will not be published. Required fields are markedmarked