
Nov 13 (Reuters) – Hackers compromised a Federal Bureau of Investigation email system on Saturday and sent tens of thousands of messages warning of a possible cyberattack, according to the agency and security specialists. Fake emails appeared to come from a legitimate FBI email address ending in @ic.fbi.gov, the FBI said in a statement. Although the hardware impacted by the incident “was taken offline quickly upon discovery of the issue,” the FBI said, “This is an ongoing situation.” The hackers sent tens of thousands of emails warning of a possible cyberattack, threat-tracking organization Spamhaus Project said on its Twitter account. A copy of an email posted by Spamhaus on Twitter showed a subject line of “Urgent: Threat actor in systems” and appeared to end with a sign-off from the Department of Homeland Security. Both the FBI and Cybersecurity & Infrastructure Security Agency are aware of the incident, the FBI statement said.
The emails warning of a “sophisticated” cyber security threat were first flagged on Saturday by cyber security experts on social media, forcing the FBI to publicly confirm the agency was “aware of the incident this morning involving fake emails from an @ic.fbi.gov email account. This is an ongoing situation and we are not able to provide any additional information at this time,” the FBI said in a statement to Nexstar, adding that the public should report any “suspicious” emails from “unknown senders.”
These emails look like this:
Sending IP: 153.31.119.142 (https://t.co/En06mMbR88)
From: eims@ic.fbi.gov
Subject: Urgent: Threat actor in systems
pic.twitter.com/NuojpnWNLh
— Spamhaus (@spamhaus) November 13, 2021
The email system that the hackers appear to have accessed is one used by agents and officials with the department to communicate with the public, according to a report from Bloomberg, which would mean it is not a system hosting classified emails.
The following chart shows email traffic originating from the FBI mailserver (https://t.co/En06mMbR88 | 153.31.119.142) involved. You can clearly see the two spikes caused by the fake warning last night. Timestamps are in UTC. pic.twitter.com/vPKvzv74gW
— Spamhaus (@spamhaus) November 13, 2021
The Spamhaus Project, an organization focusing on “spam, phishing, botnets and malware sources,” first reported on the “scary” emails, providing an example and explaining that what makes them convincing is that the hackers behind the false messages have access to official headers and that the messages are coming from “FBI infrastructure.”
Tens of thousands of bogus warnings were reportedly sent out as part of the cyberattack.
I asked the FBI for comment. Here’s what they said: “The FBI and CISA are aware of the incident this morning involving fake emails from an @ic.fbi.gov email account. This is an ongoing situation and we are not able to provide any additional information at this time.” https://t.co/9ZO8poygDC
— briankrebs (@briankrebs) November 13, 2021
Source: https://www.reuters.com/world/us/hackers-compromise-fbis-external-email-system-bloomberg-news-2021-11-13/ & https://www.rt.com/usa/540219-fbi-hacked-cyberthreat-emails/