Canadian House of Commons Probes Cyberattack Linked to Microsoft Vulnerability

The Canadian House of Commons is investigating a data breach that exposed sensitive employee information, after hackers exploited a flaw in Microsoft software to infiltrate parliamentary systems.

The breach, disclosed internally to staff on Monday, reportedly compromised names, addresses, job titles, office locations, email addresses, and system management data for an undisclosed number of employees. Attackers are believed to have accessed a database used to manage House of Commons computers and mobile devices.

In an email to staff, officials warned of possible phishing and impersonation attempts targeting parliamentarians and employees. The Canadian Centre for Cyber Security (Cyber Centre), part of the Communications Security Establishment, confirmed it is assisting the investigation but did not attribute the attack to a known threat group.

"However, we can tell you that we are aware of the incident and working with the House of Commons to provide support," the Cyber Centre said in a statement. "Attribution of a cyber incident is difficult. Investigating cyber threat activity takes resources and time, and there are many considerations involved in the process of attributing malicious cyber activity to specific threat actors, and/or nation-states."

Andrew Costis, Engineering Manager of the Adversary Research Team at AttackIQ, noted that the attack aligns with a recent wave of exploits targeting Microsoft platforms. “The Canadian House of Commons has revealed that a cyberattack has compromised the names, addresses, and computer information of an undisclosed number of employees. The hackers gained access to the House of Commons’ system through a Microsoft vulnerability,” he said.

While it is unclear which specific flaw was used, the breach follows Microsoft’s alert about active exploitation of a SharePoint zero-day. Similar vulnerabilities in Exchange and SharePoint have recently been weaponized in attacks against Google, the U.S. Department of Health and Human Services, and nearly 400 other organizations, often by ransomware groups such as Salt Typhoon and Warlock.

“For governing bodies like the Canadian House of Commons, proactive measures are vital for keeping sensitive data secure,” Costis added. “Implementing adversarial emulation tactics for the various ransomware gangs that have exploited the vulnerabilities would aid in testing security defenses against common attack techniques in order to prevent any future breaches.”

Canada’s Cyber Centre has warned IT teams to urgently patch two critical Microsoft vulnerabilities: CVE-2025-53770, a SharePoint flaw known as ToolShell, and CVE-2025-53786, a high-severity Exchange bug. The former has been exploited by both state-backed hackers and ransomware operators in high-profile breaches across North America, Europe, and the Middle East. The latter prompted the U.S. Cybersecurity and Infrastructure Security Agency to issue an emergency directive, warning that unpatched systems could face “a hybrid cloud and on-premises total domain compromise.”

Security researchers say thousands of Microsoft Exchange servers remain unpatched, including more than 800 in Canada. For the House of Commons, the attack is both a warning and a stress test for its cyber resilience in the face of increasingly sophisticated adversaries.