Threat actors hacked email servers of the FBI to distribute spam email impersonating FBI warnings of fake cyberattacks.
The email servers of the FBI were hacked to distribute spam email impersonating the Department of Homeland Security (DHS) warnings of fake sophisticated chain attacks from an advanced threat actor. The message tells the recipients that their network has been breached and that the threat actor has stolen their data.
“Our intelligence monitoring indicates exfiltration of several of your virtualized clusters in a sophisticated chain attack. We tried to blackhole the transit nodes used by this advanced persistent threat actor, however there is a huge chance he will modify his attack with fastflux technologies, which he proxies trough multiple global accelerators. We identified the threat actor to be Vinny Troia, whom is believed to be affiliated with the extortion gang TheDarkOverlord” reads the message.
Curiously, the fake emails claim that the attack was carried out by a threat actor known as Vinny Troia, who but Troia i is the head of security research of threat intelligence firms NightLion and Shadowbyte.
The international nonprofit organization Spamhaus Project that monitors spam campaigns warned of emails that purport to come from the FBI/DHS. The fake warnings are apparently being sent to addresses scraped from ARIN database.
The fake emails were sent from the IP address 220.127.116.11 (mx-east-ic.fbi.gov), the sender appears to be the Federal Bureau of Investigation’s Law Enforcement Enterprise Portal (LEEP) (firstname.lastname@example.org).
Vinny Troia blamed a threat actor known as “pompomourin,” as the author of the attack.
(SecurityAffairs – hacking, FBI)