The Federal Bureau of Investigation (FBI) was recently a victim of a hack attack. The hackers breached the email servers of the FBI and were able to send out misleading and spam emails claiming that the recipient’s personal information was stolen.
The emails, which were sent using the legitimate email address of the FBI, stated that the recipient was a victim of a supposedly “sophisticated chain attack”. The hackers also claimed in the email that Vinny Troia, a renowned cybersecurity researcher who also runs two dark web intelligence companies, NightLion and Shadowbyte, was behind these fake attacks, and went on to state that Troia was affiliated with the notorious “extortion gang TheDarkOverlord”.
A group of researchers at the Spamhaus Project, a nonprofit organization that deals with cyber threats such as phishing and malware, noticed that these emails came in two waves. They were sent from “eims@ic.fbi.gov”, a legitimate email address of the FBI, and carried the subject “Urgent: Threat actor in systems”. The first wave was observed at 5 AM (UTC), followed by the second wave two hours later.
Spamhaus also informed Bleeping Computer that all of the spam emails were sent from the FBI’s IP address 153.31.119.142 (mx-east-ic.fbi.gov). Estimates suggest that the fake emails were sent to at least a hundred thousand (100,000) people. It is believed that this email server breach was just a small part of a potentially much larger campaign. The nonprofit also went on to say that the recipients’ email addresses were scraped from the American Registry for Internet Numbers (ARIN) database.
In a press release, the FBI said that it is an “ongoing situation” and all of the compromised hardware was taken offline.
It is believed that this attack was an attempt to defame Vinny Troia. Similar incidents aimed at damaging Troia’s reputation have occurred in the past. Bleeping Computer noted that Troia suspects an individual named ‘pompompurin’ to be responsible for the attack. ‘Pompompurin’ even contacted Troia just hours before the attack with a message that just said: “enjoy”. ‘Pompompurin’ messages Troia every time an attack is about to be launched to defame the researcher.