databreachtoday.eu - Hackers breached a sensitive database containing office locations and personal details of elected officials and staff in Canada's House of Commons.

The breach targeting the House of Commons network occurred Friday and involved a database "containing information used to manage computers and mobile devices," according to an internal email obtained by CBC News. Hackers were able to "exploit a recent Microsoft vulnerability," the missive said.

The message did not name any nation-state or criminal group, and it remains unclear which database was compromised or if other sensitive data was accessed. Affected information includes names and titles, email addresses and device details including models, operating systems and telephone numbers.

Olivier Duhaime, spokesperson for the House of Commons' Office of the Speaker, told Information Security Media Group in an emailed statement Thursday that the "House of Commons is working closely with its national security partners to further investigate this matter." Duhaime declined to comment any further on the specifics of the investigation, citing "security reasons."

The Canadian Center for Cyber Security in July warned that it was aware of exploitation occurring inside the country of a zero-day exploit discovered in Microsoft SharePoint. The computing giant published an emergency patch described by Google Cloud's Mandiant consulting chief technology officer as "uniquely urgent and drastic" (see: SharePoint Zero-Days Exploited to Unleash Warlock Ransomware).

The U.S. Cybersecurity and Infrastructure Security Agency warned earlier this month that remote code execution flaw - publicly known as "ToolShell" - allows unauthenticated system access and authenticated access via network spoofing. The agency said attackers can gain full access to SharePoint content, including file systems and configurations.

"This isn't an 'apply the patch and you're done' situation," Mandiant Chief Technology Officer Charles Carmakal wrote on LinkedIn, urging organizations with SharePoint to "implement mitigations right away" and apply the patch.

Microsoft said in a July blog post that threat actors seeking initial access include Chinese nation-state hackers tracked as Linen Typhoon and Violet Typhoon, as well as possibly China-linked Storm-2603. Linen and Violet Typhoon have targeted intellectual property from government, defense, strategic planning and human rights organizations, along with higher education, media, financial and health sectors across the United States, Europe and Asia.

Linen typically conducts "drive-by compromises" using known exploits, while Violet "persistently scans for vulnerabilities in the exposed web infrastructure of target organizations."