Cyber Incident Victim: Davincys
Date:
Oct 2022
Location:
Canada
Summary
A cyber incident targeting the Canadian government's IT infrastructure prompted password resets for Members of Parliament, their staff, and affiliated parliamentary entities, alongside restrictions on some internet-based services. The breach affected accounts across the House of Commons, Senate, Library of Parliament, and other agencies, though critical functions remained operational. While officials confirmed no evidence of compromised email accounts, cybersecurity analysts interpreted the forced password updates as indicative of potential credential exposure. The incident followed prior warnings about state-sponsored cyber threats and vulnerabilities in governmental defenses, with the Canadian Centre for Cyber Security assisting mitigation efforts. This occurred months after a separate attack on Global Affairs Canada and amid parliamentary reports highlighting risks from hostile actors.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
The cyber incident affecting Canadian parliamentary systems was identified on October 5, 2022, prompting immediate containment measures. Parliamentary authorities restricted certain internet-based services across the House of Commons infrastructure while maintaining critical functions for MPs and staff. All users under this infrastructure—including parliamentarians, their staff, Senate personnel, Library of Parliament employees, and several affiliated agencies—were impacted. On October 14, an alert mandated password resets for affected accounts, with follow-up communications reiterating this requirement for those who hadn’t complied. The Office of the Speaker confirmed the incident remained under investigation but disclosed no evidence of compromised email accounts.
The House of Commons administration collaborated with the Canadian Centre for Cyber Security to mitigate risks and preserve operational services. This incident followed earlier cybersecurity warnings, including an August 2022 RCMP advisory about parliamentarians being targeted by hostile actors and a January 2022 breach at Global Affairs Canada. A February 2022 parliamentary committee report had previously highlighted vulnerabilities to state-sponsored threats, though no attribution was provided for the October incident. Service restrictions persisted as mitigation efforts continued, with no public confirmation of data exfiltration or specific attacker methodologies. Parliamentary entities maintained previously issued security devices and training protocols established prior to the breach.