Canada's House of Commons suffered a cyber attack believed to exploit a Microsoft SharePoint zero-day. The breach occurred last Friday, allowing unauthorized access to sensitive employee information such as names, job titles, and device details. No group has claimed responsibility, though suspicion falls on the Chinese state-linked APT group Salt Typhoon. The Canadian Centre for Cyber Security reported over 20 Canadian government networks have been compromised in recent years. An investigation is ongoing, and employees have been warned to be vigilant against phishing attempts using stolen data.
"The stolen data can be weaponized for tailored phishing and impersonation against officials. Staff will likely receive convincing emails, texts, and calls leveraging the job and device details that have been stolen."
"Priority should be given to provide clear guidance and strict verification for requests along with a strong reporting culture so that people can work together to help secure the organization."
Collection
[
|
...
]