The FBI stated on Saturday that unidentified threat actors had breached one of its email systems to send hoax messages about a fake “sophisticated chain attack.”
The incident involved rogue warning emails with the subject line “Urgent: Threat actor in systems” that originated from a legitimate FBI email address, “eims@ic.fbi[.]gov.” The messages blamed the attack on Vinny Troia, a security researcher and founder of dark web intelligence firms Night Lion Security and Shadowbyte, while also claiming that he is affiliated with a hacking outfit named TheDarkOverlord.
The email blasts occurred across two “spam” waves, one immediately before 5:00 a.m. UTC and the other shortly after 7:00 a.m. UTC, according to Spamhaus’ own telemetry data.
However, according to researcher Marcus Hutchins of Kryptos Logic, the purpose appears to be to discredit Troia. Hutchins tweeted: “Vinny Troia wrote a book revealing information about hacking group TheDarkOverlord. Shortly after, someone began erasing ElasticSearch clusters leaving behind his name. Later his Twitter was hacked, then his website. Now a hacked FBI email server is sending this.”
In an additional investigation, Brian Krebs of Krebs on Security, who also received an independent missive from the attacker, detailed that the “spam messages were sent by abusing insecure code in an FBI online portal designed to share information with state and local law enforcement authorities.”