An FBI mail server was abused to send fake security warnings to more than 100,000 recipients. The authorities are investigating the incident and had not attributed it as of this writing.
The story has been circulating as “FBI email servers compromised”. The FBI’s position is that no data was accessed; bogus warnings were sent to 100,000+ recipients from one of its systems.
An FBI email system was abused by a threat actor to send emails telling recipients that their networks had been infiltrated and data stolen. Spamhaus, a spam-tracking non-profit, discovered the campaign on Saturday, November 13.
Spamhaus researchers observed two waves of similar emails, the first arriving at 5 a.m. UTC and the second about two hours later. The messages carried the subject line “Urgent: Threat actor in systems” and originated from the FBI’s Law Enforcement Enterprise Portal (LEEP); the sending IP address also belonged to the FBI.
The spoofed emails warned recipients of a sophisticated chain attack, which they attributed to Vinny Troia, head of security research at the dark web intelligence firms NightLion and Shadowbyte.
The emails came from the FBI address shown as [email protected], which is associated with the host mx-east-ic.fbi.gov. In a tweet posted the same day the emails were spotted, Spamhaus said the bogus messages went to more than 100,000 recipients whose addresses had been harvested from the American Registry for Internet Numbers (ARIN) database.
These phony security alert emails seem to be sent to addresses taken from the ARIN database. Because the headers are legitimate, they are coming from FBI infrastructure, they are creating a lot of havoc. In the .sig, they don’t have a name or contact information. Please be cautious!
November 13, 2021 — Spamhaus (@spamhaus)
Spamhaus researchers believe, however, that the campaign may have been considerably larger, and that the 100,000 figure is a conservative estimate. The message headers confirm that the emails originated from FBI infrastructure: they carry a DomainKeys Identified Mail (DKIM) signature for the sending domain, and the Received headers list the internal FBI servers that relayed them.
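Added example, not code from the article or from Spamhaus: a header-triage script using only Python’s standard library that shows why these messages looked authentic. It parses the DKIM-Signature tags and the Received chain of a constructed sample message, then checks whether the signing domain aligns with the From domain and whether every relay hostname sits in the sender’s organization. It does not fetch the DKIM public key or verify the signature cryptographically. The sample’s domains follow the article; its local part, selector, relay hostnames, IP addresses, hash and signature values are placeholders, not data from the incident.

```python
"""Triage the authentication headers of a message that claims to come from
FBI infrastructure (added example; alignment checks only, no key lookup)."""
import re
from email import message_from_string
from email.message import Message
from email.utils import parseaddr

# Constructed sample message. Domains follow the article; the local part,
# selector (s=), relay hostnames, IPs, bh= and b= values are placeholders.
SAMPLE_MESSAGE = """\
Received: from mx-east-ic.fbi.gov (mx-east-ic.fbi.gov [192.0.2.10])
\tby mx.example.org with ESMTPS; Sat, 13 Nov 2021 05:02:11 +0000
Received: from leep-alerts.fbi.gov (localhost [127.0.0.1])
\tby mx-east-ic.fbi.gov with ESMTP; Sat, 13 Nov 2021 05:02:10 +0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ic.fbi.gov;
\ts=placeholder; h=from:to:subject:date; bh=AAAA; b=BBBB
From: noreply@ic.fbi.gov
To: abuse@example.org
Subject: Urgent: Threat actor in systems
Date: Sat, 13 Nov 2021 05:02:09 +0000

(constructed body for the example)
"""


def parse_message(raw: str) -> Message:
    return message_from_string(raw)


def dkim_tags(msg: Message) -> dict:
    """Split the DKIM-Signature header into its tag=value pairs (RFC 6376 3.2).
    Folded continuation lines are handled because we split on ';' then strip."""
    tags = {}
    for item in msg.get("DKIM-Signature", "").split(";"):
        item = item.strip()
        if "=" in item:
            key, value = item.split("=", 1)
            tags[key.strip()] = value.strip()
    return tags


def from_domain(msg: Message) -> str:
    return parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()


def relay_hosts(msg: Message) -> list:
    """Hostname from the 'from' clause of each Received header, outermost first."""
    hosts = []
    for value in msg.get_all("Received", []):
        m = re.match(r"from\s+([^\s(;]+)", value)
        if m:
            hosts.append(m.group(1).lower())
    return hosts


def org_domain(host: str) -> str:
    # Simplification: last two labels. A production check would consult the
    # public suffix list, as DMARC relaxed alignment requires.
    return ".".join(host.split(".")[-2:])


def triage(raw: str) -> dict:
    """Report whether the DKIM signer and the relay chain belong to the
    organization named in From. True on both means the mail really came from
    that organization's infrastructure; it says nothing about the content."""
    msg = parse_message(raw)
    sender = from_domain(msg)
    signer = dkim_tags(msg).get("d", "").lower()
    hops = relay_hosts(msg)
    return {
        "from_domain": sender,
        "dkim_domain": signer,
        "dkim_aligned": bool(signer) and org_domain(signer) == org_domain(sender),
        "relay_hosts": hops,
        "relays_in_sender_org": bool(hops)
        and all(org_domain(h) == org_domain(sender) for h in hops),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_MESSAGE).items():
        print(f"{key}: {value}")
```

When both checks pass, as they did for the real messages according to Spamhaus, the headers prove only where the mail came from, not that it is trustworthy; the tells were in the content, such as the missing name and contact details in the signature block.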
The FBI confirmed the incident, describing it as an “ongoing situation” that was contained by taking the affected hardware offline. In an update the next day, November 14, the agency said the threat actor exploited a software misconfiguration in LEEP to send the bogus emails.
The emails went out from a server dedicated to sending LEEP notifications, not from the FBI’s corporate email service. The FBI also stated that no data or personally identifiable information (PII) on its network was accessed or compromised.
The campaign’s apparent goal, however, was to discredit Vinny Troia, whom the emails name as the threat actor behind the supply-chain attack. Troia has a long-running feud with RaidForums users, who have repeatedly defaced websites or carried out similar stunts and then blamed the researcher.
In a tweet about the incident, Troia pointed to someone known as “pompomourin”, adding that the person has previously tried to damage his reputation with similar attacks.
When he’s not writing/editing/shooting/hosting all things tech, he streams himself racing virtual vehicles. Yadullah may be reached at [email protected], or you can follow him on Instagram or Twitter.