FBI Email Server Hacked To Send Fake Cyber Security Alert Messages

An unidentified cyber attacker sent thousands of fake cyber security email messages from a real U.S. Federal Bureau of Investigation (FBI) address by hacking its email servers.

The fake email alerted recipients that their networks were being targeted by a cyber-attack and that data had been stolen, telling them they had become the victim of a “sophisticated chain attack.”

This security breach in FBI servers was first publicly revealed by Spamhaus, a non-profit threat intelligence organization that tracks email spammers and spam-related activity.

Official Response of FBI on Cyber Attack on their Email Servers:

The FBI immediately responded to the report and started an investigation. In an official press statement, it said it was aware of the security breach in its network and attributed it to a software misconfiguration that allowed the hacker to send illegitimate emails using the FBI’s Law Enforcement Enterprise Portal (LEEP).

LEEP is an IT infrastructure operated by the FBI to communicate with law enforcement partners.

The FBI added that no data on the server was compromised and that it removed the impacted hardware as soon as the flaw was discovered. It provided no additional information because the situation is ongoing, and it warned the public to be cautious and report any suspicious activity.

Here is the official press report published by the FBI: FBI Statement on Incident Involving Fake Emails — FBI.

Spamhaus First Disclosed the Incident of Fake Cyber Security Emails from FBI:

Spamhaus, which first disclosed the incident, reported that the attacker sent warning emails with the subject line “Urgent: Threat actor in systems” from the official FBI email address “eims@ic.fbi[.]gov”.

Fake Cyber Security Email from FBI

The emails were sent to users in two “spam” waves, one just before 5:00 am UTC and one just after 7:00 am UTC.

In the spam email, the hacker claimed there was a sophisticated chain attack on the recipient's network and blamed it on Vinny Troia, a cyber security researcher and founder of the Dark Web intelligence organizations Night Lion Security and Shadowbyte. The email also claimed that Vinny Troia is associated with the extortion gang TheDarkOverlord.

Spamhaus also said that the hoax emails were sent to addresses scraped from the ARIN (American Registry for Internet Numbers) database.

Hacker Behind FBI Fake Cyber Security Alert Emails is Likely “Pompompurin”:

According to a KrebsOnSecurity report, there is speculation that the attacker is likely a threat actor called “Pompompurin,” who made contact with the FBI after the spam emails were sent out.

The hacker claimed that the attack was performed to point out a vulnerability in the FBI system. The security loophole was in LEEP, which allowed anyone to apply for an account and also disclosed the one-time password sent to the applicant to confirm the registration. This allowed the user to intercept and alter the HTTP requests.

Vinny Troia also tweeted that a person identified as Pompompurin is responsible for this incident and used his name. He also said that he is not involved in this illegal activity.
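The class of flaw described above, shown as an added example that is not from the original article and is not the FBI's code: a hypothetical registration handler that returns the one-time password in its HTTP response, next to a hardened version that sends it only through the mail channel. All function names, the in-memory store, and the expiry and attempt limits are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

OTP_TTL = 300        # assumed policy: seconds a code stays valid
MAX_ATTEMPTS = 5     # assumed policy: wrong guesses before the code is burned
_pending = {}        # email -> {"digest", "expires", "attempts"}
outbox = []          # constructed stand-in for the out-of-band mail channel

def _digest(otp):
    return hashlib.sha256(otp.encode()).digest()

def _issue(email):
    """Create a 6-digit code, store only its hash, and queue the mail."""
    otp = f"{secrets.randbelow(10**6):06d}"
    _pending[email] = {"digest": _digest(otp),
                       "expires": time.time() + OTP_TTL, "attempts": 0}
    outbox.append((email, otp))
    return otp

def register_vulnerable(email):
    """Flawed pattern: the code is also echoed back to the requesting client."""
    return {"status": "pending", "otp": _issue(email)}

def register_hardened(email):
    """The code leaves the server only through the mail channel."""
    _issue(email)
    return {"status": "pending"}

def confirm(email, otp, now=None):
    """Single-use, expiring, attempt-limited check with constant-time compare."""
    now = time.time() if now is None else now
    entry = _pending.get(email)
    if entry is None:
        return False
    if now > entry["expires"] or entry["attempts"] >= MAX_ATTEMPTS:
        del _pending[email]          # expired or guessed too often: burn it
        return False
    if hmac.compare_digest(entry["digest"], _digest(otp)):
        del _pending[email]          # success consumes the code
        return True
    entry["attempts"] += 1
    return False
```

With the vulnerable handler, the response body alone is enough to confirm the account, so the code no longer proves control of the mailbox.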
