The FBI’s email system sent out a bunch of bogus cybersecurity warnings after being hacked
The hackers sent out over 100,000 emails from an FBI email address.
When you get an email that seems suspicious, one of the first things to do is see where the email was sent from. But it can’t always tell you the full story, as made apparent in this new hack that involved the FBI over the weekend.
According to a report from Bleeping Computer, “at least 100,000” emails were sent out from an FBI email address.
Hackers managed to gain access to a portal and a “software configuration” allowed them to create and send emails from the address.
The emails went out in two waves according to SpamHaus, a nonprofit that tracks spam and cyberthreats.
The header used was “Urgent: Threat actor in systems” and the email talks of a fake threat and stolen data from an actual security researcher, Vinny Troia.
The email also mentions TheDarkOverlord, a hacking group, and one that Troia’s Night Lion Security company reported on earlier in the year (thanks, Gizmodo).
Troi went to Twitter afterward and accused another Twitter member of the attack. Known as Pompompurin, Troi received a Twitter DM hours before the attack that simply said “enjoy.”
Then, after news of the breach the next day, he received a follow-up DM that just said “did you enjoy.”
It’s not clear yet, but it almost seems like this breach of an FBI system to send out spam email blasts was used to discredit the security researcher’s name.
In a statement to Bleeping Computer, the FBI says, “The FBI and CISA are aware of the incident this morning involving fake emails from an @ic.fbi.gov email account. This is an ongoing situation and we are not able to provide any additional information at this time.”
- Hackers may have cracked the code to playing pirated games on the PS5
- T-Mobile’s security is shit according to the hacker that breached its servers
- Hackers are targeting YouTube influencers with fake collabs, and of course, it’s working
- Donald Trump’s new social media site has already been hacked