House of Commons hit by cyberattack from 'threat actor': internal email

The House of Commons and Canada's cybersecurity agency are investigating a significant data breach caused by an unknown "threat actor" targeting employee information.

According to an internal email obtained by CBC News, the House of Commons alerted staff on Monday that there was an information breach. It said a malicious actor was able to exploit a recent Microsoft vulnerability to gain unauthorized access to a database containing information used to manage computers and mobile devices.

Some of the information obtained by the hacker is not available to the public, according to the email. That includes employees' names, job titles, office locations and email addresses, as well as information regarding their House of Commons-managed computers and mobile devices.

Canada's Communications Security Establishment (CSE) said it is aware of the incident and is working with the House of Commons to provide support, but could not confirm who was behind the attack.

The CSE defines a threat actor as a group or individual that aims "with malicious intent" to "gain unauthorized access to or otherwise affect victims' data, devices, systems and networks."

A recent threat report from the CSE found that adversarial nations, including the People's Republic of China (PRC), Russia and Iran, are increasingly behind cyber threats to Canada. But the agency said it's too early to tell who — or what — was behind this breach.

"Attribution of a cyber incident is difficult. Investigating cyber threat activity takes resources and time, and there are many considerations involved in the process of attributing malicious cyber activity," said the CSE in a statement.

The cyberattack happened on Friday, according to the email sent to employees.

It calls on employees and members of the House of Commons to be especially vigilant as information accessed during the breach could be used in scams, or to target and impersonate parliamentarians.

In a statement, the House of Commons said it was working with national security partners to investigate the matter, but would not disclose information — including how many employees are affected — citing the ongoing probe.

The most recent national cyber threat assessment from the Canadian Centre for Cyber Security reports that Canada is considered a "valuable target" for criminals and state adversaries looking to disrupt systems.

It also found a "sharp increase in both the number and severity of cyber incidents" over the past two years.

"State adversaries are getting bolder and more aggressive," wrote Rajiv Gupta, the head of the Canadian Centre for Cyber Security. "Cybercriminals driven by profit are increasingly benefiting from new illicit business models to access malicious tools and are using artificial intelligence to enhance their capabilities."

The report says China presents the most sophisticated and active cyber threat to Canada, noting that over the past four years, at least 20 networks associated with Government of Canada agencies and departments have been compromised by PRC threat actors.