On Saturday, Nov. 13, the Federal Bureau of Investigation (FBI) announced that its email servers had been attacked on Friday night, Nov. 12, and that the systems had been breached. The exploited systems were “taken offline quickly.”
After getting into the FBI’s email system, hackers sent threatening spam emails to more than 100,000 people.
“The FBI and CISA became aware of an incident this morning involving spoofed emails from an @ic.fbi.gov email account,” the FBI and the Cybersecurity and Infrastructure Administration stated.
“This is an ongoing situation and we are not able to provide any additional information at this time. The impacted hardware was taken offline quickly upon discovery of the issue. We continue to encourage the public to be cautious of unknown senders and urge you to report suspicious activity to www.ic3.gov or www.cisa.gov.”
However, the breached email system was not the one FBI agents used to transfer secret information, according to Austin Berglas, the president of professional services at cybersecurity firm BlueVoyant and a former FBI special agent.
The email, whose subject line read “Urgent: Threat agent in the system,” was presented as coming from the Department of Homeland Security’s cybersecurity section.
The hackers posed as the Cyber Threat Detection and Analysis Team of the US Department of Homeland Security. This group, however, is said to have been non-existent for years.
The email attack was identified as significant by the Spamhaus Project, a spam-monitoring outfit that supplies “real-time actionable data on spam, phishing, botnets, and malware sources.”
The email claims that an “advanced persistent threat actor” called “Vinny Troia” has stolen the recipient’s information.
However, in real life, Vinny Troia is the director of security research for two dark web intelligence firms, NightLion and Shadowbyte. Hackers appear to have labeled him as the perpetrator to damage his reputation.
Troia said that an online persona named “pompompurin” contacted him a few hours before the spam email cyberattack to say, “Enjoy.” He believed “pompompurin” carried out the cyberattack.
“The last time they [pompompurin] hacked the national center for missing children’s website blog and put up a post about me being a pedophile,” Troia said, according to Blaze Media.