Heimdal
article featured image

Contents:

The FBI’s email systems were hacked, and spam emails mimicking FBI warnings were sent out. The emails were warning in regards to a “sophisticated chain assault” perpetrated by an advanced threat artist called Vinny Troia.

Thousands of these communications were distributed in two waves, according to SpamHaus, a spam-tracking organization, but unfortunately, the researchers feel that this might be only a minor component of the malicious campaign’s overall strategy.

Researchers at the Spamhaus Project were able to observe two waves of this campaign taking place, one at 5 AM (UTC) and a second one, just two hours later.

What Happened?

As reported by BleepingComputer the emails came from a legitimate email address, eims@ic.fbi.gov, and from the FBI’s IP address 153.31.119.142 (mx-east-ic.fbi.gov).

This email address is used by the FBI’s Law Enforcement Enterprise Portal (LEEP), and carried the subject “Urgent: Threat actor in systems.”

The false emails appear to have reached at least 100,000 inboxes. However, the figure is a cautious estimate, since the researchers feel “the campaign may have been much, much greater.”

While the emails appear to be a hoax, the headers of the message reveal that their origin is validated by the DomainKeys Identified Mail (DKIM) method, indicating that they are sent from FBI servers.

Image

Source

While their helpdesk is overwhelmed with inquiries from frightened admins, the FBI stated that the emails’ content is fraudulent and that they are trying to resolve the situation.

The FBI and CISA are aware of the incident this morning involving fake emails from an @ic.fbi.gov email account. This is an ongoing situation and we are not able to provide any additional information at this time. We continue to encourage the public to be cautious of unknown senders and urge you to report suspicious activity to www.ic3.gov or www.cisa.gov.

Source

FBI sent a second statement to BleepingComputer in which explained that the threat actor managed to make use of a software configuration in order to send out the emails.

The FBI is aware of a software misconfiguration that temporarily allowed an actor to leverage the Law Enforcement Enterprise Portal (LEEP) to send fake emails. LEEP is FBI IT infrastructure used to communicate with our state and local law enforcement partners. While the illegitimate email originated from an FBI operated server, that server was dedicated to pushing notifications for LEEP and was not part of the FBI’s corporate email service. No actor was able to access or compromise any data or PII on FBI’s network. Once we learned of the incident we quickly remediated the software vulnerability, warned partners to disregard the fake emails, and confirmed the integrity of our networks.

Source

Who Could Be Behind the Attack?

The email alluded to the Dark Overlord, a worldwide hacking gang that supposedly steals data and demands large ransoms in exchange for its release.

According to the email, the “threat actor” was cybersecurity specialist Vinny Troia. Last year, Troia published an inquiry on the Dark Overlord.

These are very childish actions intended to discredit me for putting out a report which exposed his identity and involvement in several other hacking groups including the dark overlord, gnostic players, and shiny hunters. He is becoming bolder and much more blatant with his attacks.

Source

If you liked this article follow us on LinkedInTwitterYouTubeFacebookand Instagram to keep up to date with everything cybersecurity.

Author Profile

Dora Tudor

Cyber Security Enthusiast

linkedin icon

Dora is a digital marketing specialist within Heimdal™ Security. She is a content creator at heart - always curious about technology and passionate about finding out everything there is to know about cybersecurity.

CHECK OUR SUITE OF 11 CYBERSECURITY SOLUTIONS

SEE MORE