A hacker has infiltrated an FBI email account and sent thousands of emails from the agency warning recipients they’re under a cyberattack on Saturday.
The fraud email hit 10,000 inboxes in two ‘spam’ waves – one just before 5am UTC and another shortly after 7am UTC, according to Spamhaus, a European nonprofit dedicated to tracking digital threats.
In a statement posted later in the day the FBI noted that the impacted hardware was ‘taken offline quickly.’
However, the statement did warn that the situation is still ‘ongoing’ and Spamhaus released a screenshot of one of the emails, which warned that the FBI’s intelligence was conducting a ‘sophisticated chain attack.’
Spamhaus – which regards itself as an ‘international threat intelligence organization’ – took to Twitter to announce that early that it had been ‘made aware of scary emails… that purport coming from the FBI/DHS [Department of Homeland Security].’
In the early hours of Saturday morning, a Twitter account by the name of Spamhaus – a European nonprofit dedicated to tracking digital threats – announced it had found out about the ‘scary emails’ sent from an FBI email address
The federal agency’s statement confirmed the messages were sent to thousands of organizations from a legitimate FBI email address but said the ‘impacted software was taken offline quickly.’
The emails – which had the subject ‘Urgent: Threat actor in systems’ – were signed off by the DHS Cyber Threat Detection and Analysis Department.
‘We cannot interfere physically within 4 hours, which could be enough time to cause severe damage to your infrastructure,’ the email added.
The account also took to Twitter to warn that ‘these fake warning emails’ were being ‘sent to addresses scraped from ARIN databases.’
An American Registry for Internet Numbers (ARIN) database is a nonprofit, member-based organization that gives out IP addresses, according to the registry’s website.
The FBI’s statement then encouraged receivers to report any other suspicious activity to ic3.gov or cisa.gov.
The emails in question were sent from email@example.com.
Spamhaus, a European nonprofit dedicated to tracking digital threats, suggested that the hacker behind the emails was possibly convincing people to shut down their systems, flood the FBI with calls or simple ‘for the lulz’ – or laughs.
‘Maybe all of the above. Maybe something else!’ the account tweeted, adding in a later post: ‘Who knows what goes on in the minds of people who do these things?’
‘We are not able to provide any additional information at this time,’ the FBI statement read.
This is just the latest in cyberattacks against the FBI.
In December 2020, hackers backed by the Russian government reportedly monitored internal email traffic at the Treasury Department and the Department of Commerce for months.
The hack involved the National Telecommunications and Information Administration’s office software, Microsoft’s Office 365. Staff emails at the agency were monitored by the hackers for an extended period of time, sources told Reuters.
The hack was carried out by a group known as APT29 or Cozy Bear and they were said to be working for SVR, the Russian foreign intelligence service
Then, just three weeks ago, Russian President Vladimir Putin’s SVR intelligence agency launched another hacking campaign against American companies.
The same Russian-based agency behind last year’s massive SolarWinds cyberattack tried to hack another 140 tech companies, its latest intrusion into U.S. cyber infrastructure.
It happened just months after the United States expelled 10 diplomats over the last hack, which took place back in July when Russian hackers managed to infiltrate the email accounts of some of America’s most prominent federal prosecutors, sparking fears they may have stolen sensitive information pertaining to investigations into former President Donald Trump and Ghislaine Maxwell.
The Justice Department revealed the alarming information, with 27 U.S. Attorney offices across the country having one or more of their email accounts compromised during the hacking campaign, said to have run between May and December 2020.
A department spokesman said 80 percent of Microsoft email accounts used by employees in the four U.S. Attorney offices in New York were breached.