A group of unidentified hackers have compromised one of the FBI’s official email servers and have sent out spam emails to everyone. These spam emails contained a warning about a fake cyberattack that was allegedly taking place.
As per the report by Bleeping Computer, the fake email was sent to an advanced threat actor Vinny Troia, who was the head of security research of the dark web and companies like NightLion and Shadowbyte. He even tweeted the same thing over social media. The issue was acknowledged by the Federal Bureau of Investigation (FBI) in its official statement. The fake email sent to different people stated that the recipients of the email have become victims of a sophisticated chain attack. According to the reports of the Spamhaus Project, it was identified that the fake emails have been sent to 100,000 email addresses. The hackers have scraped the email ids from a database by using the legitimate FBI official system. This was reported by the American Registry. The senior threat analyst Alex Grosjean stated that the email did not contain any malicious link while it was only meant to scare and prank the recipients.
However, Krebs on Security stated that the attacker behind these fake emails was an actor called Pompompurin who contacted them after the email was sent out. A glaring vulnerability was pointed out in the FBI email system and that’s why the hacking was done, which was reported by the Krebs on Security.
The FBI stated that he was aware of a software misconfiguration that took place that temporarily leveraged the Law Enforcement Enterprise Portal (LEEP) to send fake emails. Once this incident was identified and investigated, the FBI automatically remediated the software vulnerability and warned the recipients to disregard the fake emails sent to them.
Sharanya Chakraborty
Content Writer, WCSF
This shows how the hackers convert vulnerabilities to their advantage and breach security.