FBI system hacked to email 'urgent' warning about fake cyberattacks
Email servers belonging to the Federal Bureau of Investigation (FBI) were hacked to distribute spam email impersonating FBI warnings that the recipients’ network had been breached and data had been stolen.
The emails pretended to warn about a “sophisticated chain attack” from an advanced threat actor, whom they identify as Vinny Troia. Troia is the head of security research at the dark web intelligence companies NightLion and Shadowbyte.
The spam-tracking nonprofit Spamhaus noticed that tens of thousands of these messages were delivered in two waves early this morning, and believes this is just a small part of the campaign.
Researchers at the Spamhaus Project, an international nonprofit that tracks spam and associated cyber threats (phishing, botnets, malware), observed two waves of this campaign, one at 5 AM (UTC) and a second one two hours later.
The messages came from a legitimate email address – eims@ic.fbi.gov – which belongs to the FBI’s Law Enforcement Enterprise Portal (LEEP), and carried the subject “Urgent: Threat actor in systems.”
All emails came from the FBI’s IP address (mx-east-ic.fbi.gov), Spamhaus told us.
Fake cyber attack alert from legit FBI email address
The message warns that a threat actor has been detected in the recipient’s network and has stolen data from devices.
Spamhaus Project told BleepingComputer that the fake emails reached at least 100,000 mailboxes. The number is a very conservative estimate, though, as the researchers believe “the campaign was potentially much, much larger.”
In a tweet today, the nonprofit said that the recipients were scraped from the American Registry for Internet Numbers (ARIN) database.
While this looks like a prank, there is no doubt that the emails originated from the FBI’s servers, as the headers of the message show that its origin is verified by the DomainKeys Identified Mail (DKIM) mechanism.
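As an added example (not code from the article, Spamhaus or the FBI) of what the DKIM point means in practice for a mail administrator: the script below parses a constructed message whose sender, subject and originating relay mirror the values reported above, while the DKIM-Signature value, the Authentication-Results line, the receiving host mail.example.org and the address 192.0.2.10 are placeholders. It separates two questions a filter has to answer, whether the signing domain authenticates the sender (it does here, dkim=pass for ic.fbi.gov) and whether the content matches a known spoofed-content campaign, and bases the verdict on the second.

```python
import re
from email import policy
from email.parser import BytesParser
from email.utils import parseaddr

# Constructed sample message. Sender, subject and originating host mirror the
# article; the Received/Authentication-Results lines, the DKIM-Signature
# value, mail.example.org and 192.0.2.10 are placeholders, not captured data.
SAMPLE_EML = b"""\
Received: from mx-east-ic.fbi.gov (mx-east-ic.fbi.gov [192.0.2.10])
\tby mail.example.org with ESMTPS; Sat, 13 Nov 2021 05:02:11 +0000
Authentication-Results: mail.example.org; dkim=pass header.d=ic.fbi.gov header.i=@ic.fbi.gov; spf=pass smtp.mailfrom=ic.fbi.gov
DKIM-Signature: v=1; a=rsa-sha256; d=ic.fbi.gov; s=placeholder; h=from:subject:date; bh=PLACEHOLDER; b=PLACEHOLDER
From: eims@ic.fbi.gov
To: abuse@example.org
Subject: Urgent: Threat actor in systems.
Date: Sat, 13 Nov 2021 05:02:10 +0000
Content-Type: text/plain; charset=utf-8

(constructed body) Our monitoring indicates a sophisticated chain attack
against your systems.
"""

# Campaign indicators taken from the article.
CAMPAIGN_SENDER = "eims@ic.fbi.gov"
CAMPAIGN_SUBJECT = "Urgent: Threat actor in systems."


def parse_auth_results(msg):
    """Map method name -> result (e.g. {'dkim': 'pass'}) from Authentication-Results."""
    header = str(msg.get("Authentication-Results", ""))
    return {m.group(1): m.group(2) for m in re.finditer(r"\b(dkim|spf|dmarc)=(\w+)", header)}


def dkim_signing_domain(msg):
    """The d= tag of the DKIM-Signature header: the domain that vouches for the mail."""
    sig = str(msg.get("DKIM-Signature", ""))
    m = re.search(r"(?:^|;)\s*d=([^;\s]+)", sig)
    return m.group(1) if m else None


def originating_relay(msg):
    """Host named in the last Received header, i.e. the earliest hop we recorded."""
    received = msg.get_all("Received") or []
    if not received:
        return None
    m = re.search(r"from\s+(\S+)", str(received[-1]))
    return m.group(1) if m else None


def triage(raw):
    """Summarise who authenticated the message and whether it matches the campaign."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    auth = parse_auth_results(msg)
    sender = parseaddr(str(msg.get("From", "")))[1].lower()
    domain = dkim_signing_domain(msg)
    subject = str(msg.get("Subject", "")).strip()
    # DKIM only proves the signing domain handled the message; it says nothing
    # about whether the content is legitimate.
    authenticated = auth.get("dkim") == "pass" and domain is not None and sender.endswith("@" + domain)
    return {
        "sender": sender,
        "dkim": auth.get("dkim"),
        "spf": auth.get("spf"),
        "dkim_domain": domain,
        "relay": originating_relay(msg),
        "authenticated": authenticated,
        "campaign_match": sender == CAMPAIGN_SENDER and subject == CAMPAIGN_SUBJECT,
    }


def verdict(report):
    """Content indicators take precedence over a passing authentication result."""
    if report["campaign_match"]:
        return "quarantine: matches known spoofed-content campaign despite dkim=pass"
    if report["authenticated"]:
        return "deliver: sender domain authenticated, no campaign indicator"
    return "hold: sender domain not authenticated"


if __name__ == "__main__":
    report = triage(SAMPLE_EML)
    for key, value in report.items():
        print(f"{key:15} {value}")
    print(verdict(report))
```

The design point is that a rule such as "drop anything claiming to be from ic.fbi.gov that fails DKIM" would have let these messages through, because they pass; the quarantine decision has to come from the sender-plus-subject indicator, and the authentication data is kept in the report only so an analyst can see which domain's infrastructure actually relayed the mail.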
The headers also show the following FBI internal servers that processed the emails:
The FBI confirmed that the content of the emails is fake and that it was working to resolve the issue, as its helpdesk was flooded with calls from worried administrators.
In a statement to BleepingComputer, the FBI said that it could not share more information because the situation was ongoing.
“The FBI and CISA are aware of the incident this morning involving fake emails from an @ic.fbi.gov email account. This is an ongoing situation and we are not able to provide any additional information at this time. We continue to encourage the public to be cautious of unknown senders and urge you to report suspicious activity to www.ic3.gov or www.cisa.gov.” – FBI.
In a second statement to BleepingComputer, the FBI explained that the threat actor behind the spam campaign took advantage of a software misconfiguration to send out the emails.
While the messages went out from a server managed by the FBI, the machine was isolated from the agency’s corporate email and did not offer access to any data or personally identifiable information on the FBI’s network.
“The FBI is aware of a software misconfiguration that temporarily allowed an actor to leverage the Law Enforcement Enterprise Portal (LEEP) to send fake emails. LEEP is FBI IT infrastructure used to communicate with our state and local law enforcement partners. While the illegitimate email originated from an FBI operated server, that server was dedicated to pushing notifications for LEEP and was not part of the FBI’s corporate email service. No actor was able to access or compromise any data or PII on FBI’s network. Once we learned of the incident we quickly remediated the software vulnerability, warned partners to disregard the fake emails, and confirmed the integrity of our networks” – FBI
Whoever is behind this campaign was likely motivated to discredit Vinny Troia, the founder of dark web intelligence company Shadowbyte, who is named in the message as the threat actor responsible for the fake supply-chain attack.
Members of the RaidForums hacking community have a long-standing feud with Troia, and commonly deface websites and perform minor hacks which they blame on the security researcher.
Tweeting about this spam campaign, Vinny Troia hinted at someone known as “pompompurin” as the likely author of the attack. Troia says the individual has been associated in the past with incidents aimed at damaging the security researcher’s reputation.
Speaking to BleepingComputer, Troia said that “my best guess is ‘pompompurin’ and his band of minions [are behind this incident].”
“The last time they [pompompurin] hacked the national center for missing children’s website blog and put up a post about me being a pedophile” – Vinny Troia
This assumption is further supported by the fact that ‘pompompurin’ contacted Troia a few hours before the spam email campaign started to simply say “enjoy,” as a warning that something involving the researcher was about to happen.
Troia said that ‘pompompurin’ messages him every time they start an attack to discredit the researcher.
Update 11/13/21: Added statement from the FBI.
Update 11/14/21: Added a second statement from the FBI.
The FBI are eons behind these hackers, they are constantly being made to look like idiots and this is just proof of it.

We just had a 1.8 trillion dollar bill passed for infrastructure, you think any of that will be spent to combat cyber criminals? Probably not, but I bet a whole lot of politicians got rich!
Only 4% is for infrastructure and you’re correct, a ton of politicians got rich.
Experts tout $2 billion in cybersecurity funding in Biden’s infrastructure bill


But will it stop the hackers? Probably not when people click anything in emails.

Copyright @ 2003 – 2021 Bleeping Computer® LLC – All Rights Reserved