The Federal Bureau of Investigation (FBI) revealed on Saturday that one of its email systems had been hacked, resulting in spam emails purporting to be from the agency and the Department of Homeland Security being distributed to the general public.
FBI's email was compromised. Hackers sent over 100,000 spam messages.
Hacker Gained Access to FBI's Email
According to the Spamhaus Project, in a recently published article in MSN News, which analyzes spam and associated cyber dangers, the hackers sent out tens of thousands of emails using an FBI email account warning of a potential cyberattack.
Austin Berglas, head of professional services at the cybersecurity firm BlueVoyant, said that the FBI has various email systems. The one that seems to have been hacked on Saturday is a public-facing one that agents and employees may use to correspond with the public. When sending classified material, agents are expected to utilize a different email system, he added.
Moreover, the hacker signed off as the Cyber Threat Detection and Analysis Group of the US Department of Homeland Security, which has not existed in at least two years, according to a recently published news article in Yahoo News.
The Cyberattack Started at Midnight Saturday
According to Spamhaus, the assaults began at midnight on Saturday in New York, with a follow-up effort starting at 2 a.m. Additionally, in data obtained from the NGO, the spam emails ended up in at least 100,000 mailboxes, and it is still not known the extent of the attack.
The email sent using the FBI account states, "Urgent: threat actor in systems." The mail was signed by the US Department of Homeland Security, and it informed recipients that the threat actor looked to be cybersecurity specialist Vinny Troia, who wrote an investigation into the hacker organization The Dark Overlord last year, according to a report published in Bloomberg.
Cyberattacks in the US
The FBI often alerts American businesses to cyber threats aimed at particular sectors or when it learns of criminal hackers using a successful new tactic. This is thought to be the first instance of a shady character obtaining access to one of those systems to distribute spam to many individuals.
The incident follows a series of high-profile hacking attacks on US government networks in recent months, including a Russian-based attack that compromised at least nine federal agencies and a Chinese-based hacking campaign, so severe that the Cybersecurity and Infrastructure Security Agency had to issue a rare mandate requiring all government agencies to update their software immediately.
While it's usual for fraudsters to send emails using someone else's address, the metadata on the emails revealed that they were sent from an FBI server, according to Alex Grosjean, a researcher at the Spamhaus Project, a European charity that tracks email spam.
According to Grosjean, the email recipients seem to be publicly listed administrators of domains registered on the American Registry for Internet Numbers. The FBI and the Cybersecurity and Infrastructure Security Agency stated in an emailed statement that an unauthorized individual had entered FBI infrastructure and that the incident was still underway.
Related Article: Biden Administration Prepares for Possible Cyber Attacks Before Labor Day, Urges Companies to Be On Alert
