Canada's cyber security agency is investigating a significant data breach at the national parliament caused by an unknown threat actor targeting employee information. The Canadian House of Commons has informed employees of an information breach, saying that a malicious hacker was able to exploit a known Microsoft vulnerability to gain access to a database containing data used to manage computers and mobile devices.
The unknown attackers have used an exploit known as CVE-2025-53770 to breach other organizations, including the US National Nuclear Security Administration, the US Department of Education, Florida's Department of Revenue, the Rhode Island General Assembly, as well as government networks in Europe and the Middle East.
The CVE-2025-53786 exploit is a high-severity Microsoft Exchange flaw that allows attackers to move laterally in Microsoft cloud environments, one so serious that the US Cybersecurity and Infrastructure Security Agency (CISA) has issued an emergency directive.
Some of the information obtained by the hacker is not available to the Canadian public, including employees' names, job titles, office locations and email addresses, as well as information regarding their House of Commons-managed computers and mobile devices. At present, there is no accurate information on how many employees have been affected by the breach, although the House of Commons is carrying out an investigation. A recent email to staff warned them to be on the lookout for scammers using the stolen data for phishing attempts.
Canada's Communications Security Establishment (CSE) said it is aware of the incident and is working with the House of Commons to provide support, but could not confirm who was behind the attack. The CSE defines a threat actor as a group or individual that aims "with malicious intent" to "gain unauthorized access to or otherwise affect victims' data, devices, systems and networks." A recent threat report from the CSE found that adversarial nations, including the People's Republic of China (PRC), Russia and Iran, are increasingly behind cyber threats to Canada. But the agency said it's too early to tell who, or what, was behind this breach.
"Attribution of a cyber incident is difficult. Investigating cyber threat activity takes resources and time, and there are many considerations involved in the process of attributing malicious cyber activity," said the CSE in a statement. It calls on employees and members of the House of Commons to be especially vigilant as information accessed during the breach could be used in scams, or to target and impersonate parliamentarians.
The House of Commons said it was working with national security partners to investigate the matter, but would not disclose information, including how many employees are affected, citing the ongoing probe.
Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization. For questions, comments or assistance, please contact the office directly at 1-844-492-7225, or feedback@redskyalliance.com
Weekly Cyber Intelligence Briefings:
- Reporting: https://www.redskyalliance.org/
- Website: https://www.redskyalliance.com/
- LinkedIn: https://www.linkedin.com/company/64265941
REDSHORTS - Weekly Cyber Intelligence Briefings
https://attendee.gotowebinar.com/register/5504229295967742989
https://www.cybersecurityintelligence.com/blog/canadas-parliament-suffers-data-breach-8649.html