FBI Hacked, Over 100K Emails Sent From Official Address

Hackers cracked into the Federal Bureau of Investigation’s email system on Saturday, using it to send over 100,000 spam emails warning of a possible cyberattack, according to Reuters, citing the FBI and security specialists.

The fake emails were sent from a legitimate FBI address ending in @ic.fbi.gov, according to the agency’s statement.

It is unclear how much access the hacker or hackers gained to the FBI’s system. The spammed email, however, was a bizarre screed that references Vinny Troia – CEO of Night Lion Security, which published research on The Dark Overlord hacking group in January.

According to NBC News, the hacker signed off as the US Department of Homeland Security’s Cyber Threat Detection and Analysis Group – which has been defunct for at least two years.

The incident comes on the heels of a number of high-profile breaches of U.S. government networks in recent months, including a Russia-based attack that compromised at least nine federal agencies, and a Chinese-based hacking campaign so severe that the Cybersecurity and Infrastructure Security Agency had to issue a rare mandate for all government agencies to immediately update their software. –NBC News

Researcher Alex Grosjean of the Spamhaus Project based in Europe said that the emails’ metadata made clear that they were in fact sent from an FBI server.

The recipients appear to be publicly listed website admins, Grosjean added.

The FBI and Cybersecurity and Infrastructure Security Agency confirmed the breach, saying in a statement:

“The FBI and CISA are aware of the incident this morning involving fake emails from an @ic.fbi.gov email account,” adding, “This is an ongoing situation and we are not able to provide any additional information at this time. The impacted hardware was taken offline quickly upon discovery of the issue. We continue to encourage the public to be cautious of unknown senders and urge you to report suspicious activity to www.ic3.gov or www.cisa.gov.”

Tyler Durden
Sun, 11/14/2021 – 13:30
