Cyber Incident Victim: Ottawa, Ontario, Canada
Date:
Oct 2022
Location:
Canada
Summary
A cyber incident targeting the Canadian government's parliamentary IT infrastructure prompted password resets for Members of Parliament and restricted internet-based services, though critical functions remained operational. Affected parties included MPs, their staff, and multiple parliamentary entities, with investigations ongoing but no confirmed compromise of email accounts. Analysts suggested the breach likely involved stolen credentials, posing risks of unauthorized access to government systems and identity theft. The Canadian Centre for Cyber Security supported mitigation efforts, while previous warnings highlighted vulnerabilities to state-sponsored threats and followed an earlier attack on Global Affairs Canada.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On October 5, 2022, a cyber incident targeting the Canadian government’s information technology infrastructure was identified, prompting the House of Commons to implement security measures affecting parliamentary operations. The incident impacted all users served by House of Commons infrastructure, including members of Parliament, their staff, Senate personnel, Library of Parliament employees, Parliamentary Protective Service members, and staff of the Conflict of Interest and Ethics Commissioner. Critical services for parliamentarians and staff remained functional, but internet-based services were restricted as mitigation efforts continued. Amelie Crosson, communications manager for the Office of the Speaker, confirmed the incident was under investigation but declined to disclose potential perpetrators or compromised data types. Between October 12 and 14, MPs received directives to change their email passwords, with follow-up alerts reinforcing this requirement for those who hadn’t complied. Conservative MP Matt Jeneroux publicly expressed concern about the potential exposure of sensitive cross-party parliamentary information. The Speaker’s Office maintained there was no evidence of compromised email accounts but acknowledged the broad scope of affected systems.
Technology analyst Carmi Levy characterized the password reset mandate as indicative of a severe security breach, suggesting credential compromise likely enabled unauthorized access to authentication data. The Canadian Centre for Cyber Security provided operational support to maintain critical government services during the incident. This breach occurred against a backdrop of heightened cybersecurity vulnerabilities, following a January 2022 cyber attack on Global Affairs Canada and August 2022 RCMP warnings about parliamentarians being targeted by hostile actors. A February 2022 report from the National Security and Intelligence Committee of Parliamentarians had previously identified systemic weaknesses in federal cyber defenses, specifically highlighting risks from state-sponsored actors in China and Russia seeking sensitive data. Parliamentary entities had received secured devices and cybersecurity training months earlier in response to escalating threats, underscoring the persistent targeting of government systems. No additional technical details regarding attack vectors, data exfiltration, or attribution were disclosed by authorities during the initial response phase.