On Saturday, the FBI confirmed that unidentified threat actors had compromised one of its email systems and used it to send bogus warnings about a fake “sophisticated chain attack.” The attackers were able to send from a legitimate FBI address because of a flaw in one of the Bureau’s web portals.
According to Spamhaus, a non-profit threat intelligence organization, the incident involved rogue warning emails with the subject line “Urgent: Threat actor in systems” sent from a legitimate FBI address, eims@ic.fbi[.]gov, that blamed the supposed attack on Vinny Troia. Troia is a security researcher and the founder of the dark web intelligence firms Night Lion Security and Shadowbyte; the bogus emails also claimed that he is affiliated with a hacking group named TheDarkOver.
Spamhaus’s telemetry shows the messages went out in two “spam” waves, one immediately before 5:00 a.m. UTC and the other shortly after 7:00 a.m. UTC.
The attackers gained temporary access to the Law Enforcement Enterprise Portal (LEEP) by exploiting a “software misconfiguration” and used it to send the blast from what appeared to be a legitimate FBI email account. LEEP is a secure platform for law enforcement agencies, intelligence groups, and criminal justice bodies; it provides web-based investigative tools, analytical resources, and a way for members to network with one another. Because the messages left FBI-operated infrastructure carrying a genuine FBI sender address, sender-authentication checks alone would not have flagged them as forged; recipients had to judge the content itself.
The attackers appear to have reached an unclassified server that FBI employees use to communicate with the outside world, and there is no sign that they accessed any internal records. Cybersecurity experts noted that the emails carried no malicious attachments, which suggests the operators had no plan to use the access for further compromise. Austin Berglas, a former assistant special agent in charge of the FBI’s New York office cyber division, said, “it could have just been a group or individuals searching for some street cred to tout on underground forums.”