The Federal Bureau of Investigation computer system was the victim of a massive hack on Friday night that caused its email system to send a number of emails.
According to a report by The Blaze, the federal system sent threatening emails to more than 100,000 people, an event that caused no small amount of concern.
The FBI announced the hack and notified the public about the emails, saying that the systems affected were “taken offline quickly,” and that the impact was minimal.
“The attackers used legitimate FBI systems to conduct the attack, using email addresses scraped from a database for the American Registry for Internet Numbers (ARIN), among other sources,” technology blog Engadget reported. “Over 100,000 addresses received the fake emails in at least two waves.”
One of the key ways to spot a fake email is that it was signed off as the U.S. Department of Homeland Security’s Cyber Threat Detection and Analysis Group, something that hasn’t existed for some years.
Additionally, the email subject lines read: “Urgent: Threat actor in systems.”
The email spam watchdog group Spamhaus Project, which provides “real-time actionable data on spam, phishing, botnets, and malware sources,” has been monitoring the situation and stated on Saturday that it is “aware” of the “scary” emails sent from the FBI/DHS servers.
“While the emails are indeed being sent from infrastructure that is owned by the FBI/DHS (the LEEP portal), our research shows that these emails *are* fake,” the non-profit threat intelligence organization wrote on Twitter.
“These fake warning emails are apparently being sent to addresses scraped from ARIN database. They are causing a lot of disruption because the headers are real, they really are coming from FBI infrastructure. They have no name or contact information in the .sig. Please beware!”
We have been made aware of "scary" emails sent in the last few hours that purport to come from the FBI/DHS. While the emails are indeed being sent from infrastructure that is owned by the FBI/DHS (the LEEP portal), our research shows that these emails *are* fake.
— Spamhaus (@spamhaus) November 13, 2021
In the email, recipients are told that their information was stolen by an “advanced persistent threat actor” named “Vinny Troia,” who they claim is a cybercriminal with the group named “The Dark Overlord.”
Troia is not believed to be responsible for this, though he does work in the cyber space as the head of security research of dark web intelligence companies NightLion and Shadowbyte, according to The Blaze.
The security researcher told Bleeping Computer he believes he is being targeted as a way of discrediting him.