The FBI is investigating an incident in which fake emails were sent from a legitimate FBI email address to more than 100,000 inboxes, as reported by Breitbart.
In a press release, the FBI said that “the FBI and the CISA [Cybersecurity and Infrastructure Security Agency] are aware of the incident [Saturday] morning involving fake emails from an @ic.fbi.gov email account.”
The FBI described it as “an ongoing situation,” but noted that “the impacted hardware was taken offline quickly upon discovery of the issue. We continue to encourage the public to be cautious of unknown senders and urge you to report suspicious activity to ic3.gov or cisa.gov.”
An international nonprofit called the Spamhaus Project, whose mission is to “track spam and related cyber threats such as phishing, malware and botnets,” tweeted a screenshot of the fake email, confirming that “while the emails are indeed being sent from infrastructure that is owned by the FBI/DHS (the LEEP portal), our research shows that these emails *are* fake.”
“They are causing a lot of disruption because the headers are real, they really are coming from FBI infrastructure,” Spamhaus added. “They have no name or contact information in the .sig. Please beware!” Spamhaus also confirmed that the email was received by over 100,000 users.
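The Spamhaus point above is the one worth internalizing: SPF, DKIM and DMARC answer "did this leave the domain's own mail infrastructure?", not "is the content genuine?". When an attacker sends through infrastructure the domain really owns, every sender check passes, and a receiver still has to look at the message itself. The following Python triage routine is an added example, not code from the article, the FBI or Spamhaus. Its messages are constructed: the domain example-agency.gov, the host mx.example.net, the addresses and the body text are placeholders, and the "no contact information in the signature" heuristic is a stand-in for the kind of content check a mail-security team would layer on top of authentication results.

```python
"""Triage a message whose authentication headers genuinely pass.

Added example (illustration only, not the article's or Spamhaus's code).
All hosts, domains and addresses are constructed placeholders.
"""
import re
from email import policy
from email.parser import BytesParser

# Authentication-Results (RFC 8601) is written by *our* receiving MTA after it
# evaluates SPF, DKIM and DMARC; a sane MTA strips any copy the sender supplied.
AUTH_RE = re.compile(r"\b(spf|dkim|dmarc)=([a-z]+)", re.I)
HEADER_FROM_RE = re.compile(r"header\.from=([A-Za-z0-9.-]+)", re.I)
# Anything that lets a recipient call back: an address, a URL or a phone number.
CONTACT_RE = re.compile(r"@|https?://|\+?\d[\d\s().-]{6,}\d")

PASS_AUTH = ("mx.example.net; spf=pass smtp.mailfrom=example-agency.gov; "
             "dkim=pass header.d=example-agency.gov; "
             "dmarc=pass header.from=example-agency.gov")
FAIL_AUTH = ("mx.example.net; spf=fail smtp.mailfrom=example-agency.gov; "
             "dkim=none; dmarc=fail header.from=example-agency.gov")


def build_sample(auth_line, signature):
    """Assemble a constructed RFC 5322 message (placeholder content)."""
    lines = [
        f"Authentication-Results: {auth_line}",
        "Received: from mail.example-agency.gov (mail.example-agency.gov [192.0.2.10])",
        " by mx.example.net with ESMTPS",
        "From: alerts@example-agency.gov",
        "To: recipient@example.net",
        "Subject: Urgent: threat actor detected on your network",
        "Content-Type: text/plain; charset=utf-8",
        "",
        "A threat actor has been identified on your network. Review your systems.",
        "",
        "-- ",  # RFC 3676 signature separator: dash, dash, space
        *signature,
        "",
    ]
    return "\n".join(lines).encode("utf-8")


def auth_results(msg) -> dict:
    """Map each method to its result, e.g. {'spf': 'pass', 'dkim': 'pass', ...}."""
    header = str(msg.get("Authentication-Results", ""))
    return {m.group(1).lower(): m.group(2).lower() for m in AUTH_RE.finditer(header)}


def from_domain(msg) -> str:
    return str(msg.get("From", "")).rpartition("@")[2].strip("<> ").lower()


def dmarc_aligned(msg) -> bool:
    """DMARC evaluated the same domain the user actually sees in From."""
    m = HEADER_FROM_RE.search(str(msg.get("Authentication-Results", "")))
    return bool(m) and m.group(1).lower() == from_domain(msg)


def signature_block(msg) -> str:
    """Text after the '-- ' separator, or '' when the message has none."""
    body = msg.get_body(preferencelist=("plain",))
    text = body.get_content() if body is not None else ""
    _, sep, sig = text.partition("\n-- \n")
    return sig.strip() if sep else ""


def triage(raw: bytes) -> dict:
    """Two-stage check: sender authenticity first, then content plausibility."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    results = auth_results(msg)
    auth_pass = all(results.get(k) == "pass" for k in ("spf", "dkim", "dmarc"))
    aligned = dmarc_aligned(msg)
    has_contact = bool(CONTACT_RE.search(signature_block(msg)))
    if not (auth_pass and aligned):
        verdict = "auth-failed"
    elif not has_contact:
        # Headers are real, but an alert with no named sender and no way to
        # call back is the pattern Spamhaus flagged; escalate, do not trust.
        verdict = "authenticated-but-suspicious"
    else:
        verdict = "authenticated"
    return {"auth_pass": auth_pass, "aligned": aligned,
            "signature_has_contact": has_contact, "verdict": verdict}


# Constructed inputs: the hoax-like message authenticates but names nobody.
HOAX_LIKE = build_sample(PASS_AUTH, ["Cyber Division"])
GENUINE_LIKE = build_sample(PASS_AUTH, ["Jane Doe, Public Affairs",
                                        "press@example-agency.gov",
                                        "+1 555 010 0199"])
SPOOFED = build_sample(FAIL_AUTH, ["Cyber Division"])

if __name__ == "__main__":
    for name, raw in (("hoax-like", HOAX_LIKE), ("genuine-like", GENUINE_LIKE),
                      ("spoofed", SPOOFED)):
        print(name, triage(raw))
```

The ordering matters: the authentication stage is what blocks ordinary spoofing, and the content stage is what catches abuse of infrastructure the sender legitimately controls. Neither alone would have separated the hoax from a real bulletin, which is why Spamhaus had to say "the headers are real" and "these emails are fake" in the same breath.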
The emails referred to an international hacking and extortion group known as “The Dark Overlord,” which steals data and demands ransom payments from its victims. The fake email claims that the primary “threat actor” behind The Dark Overlord is Vinny Troia, a security researcher who published a comprehensive investigation into the group’s activities in July 2020. In response, Troia jokingly tweeted a rhetorical question: “should I be flattered that the kids who hacked the @FBI email servers decided to do it in my name?”
Austin Berglas, former Assistant Special Agent in Charge of the FBI’s New York Cyber Branch, said that the culprits “could have just been a group or individuals looking to get some street cred to tout on underground forums. I would think that it would be some sort of criminal group or some sort of ‘hacktivist’ group, rather than a coordinated state-backed attack.”
He added, in his statements to the Washington Post, that “it could have been a lot worse. When you have ownership of a trusted dot-gov account like that, it can be weaponized and used for pretty nefarious purposes. [The FBI] probably dodged a bullet.”