Thought Leadership
Unknown persons have compromised the IT system of the Canadian House of Commons and gained access to the personal data of parliamentary staff. The incident is suspected to be linked to the current wave of attacks against Microsoft SharePoint installations.
This information comes from an internal email sent by parliamentary representatives on Monday, which was obtained by CBC News.
Sensitive government data targeted
According to the parliamentary administration, this affects the personal information of around 2,500 employees who support the 343 members of the House of Commons. This includes contact details, workplace information and details of IT devices used on official business. It is currently unclear whether the data of MPs themselves has also been leaked.
The Communications Security Agency (CSE) is assisting with the forensic investigation into the incident. An official statement about the incident is still pending.
Exploits against Microsoft infrastructures on the rise
The attack was carried out via an unspecified Microsoft vulnerability, with security experts suspecting a SharePoint gap as the most likely cause. The incident follows the well-known pattern of Chinese state hackers from the “Salt Typhoon” group, which security researchers hold responsible for a current wave of attacks. The APT group, also known as Storm-2603, is said to have attacked almost 400 organizations worldwide via vulnerabilities in Microsoft products in the past few weeks alone.
Microsoft’s patch management faces criticism
Microsoft’s handling of the critical SharePoint vulnerability is proving problematic: the company discovered the gap back in May, but had to admit that the patch originally released was inadequate. A revised fix was only recently delivered.
In the meantime, attackers have been able to systematically exploit the gap. Security experts assume that thousands of other organizations are still vulnerable.
