FBI Email Servers

Hackers recently broke into the external email system of the US Federal Bureau of Investigation (FBI). The FBI has confirmed that the emails sent this Saturday from its hacked server, warning of a possible cyber attack, are false.

The alerts were sent to the contacts indicated in the database of the North American Registry of Internet Numbers. 

The emails all purported to warn of a “sophisticated chain attack” launched by an advanced threat actor identified as Vinny Troia, the head of security research at the dark web intelligence companies:

  • NightLion
  • Shadowbyte

Fake Content Delivered Through The Legitimate Address 

Researchers at the Spamhaus Project, an international nonprofit organization that tracks email spammers and spam-related activity, observed two waves of this campaign.

The messages the organization received came from a legitimate email address.

After investigating, the experts found that the address belongs to the FBI’s Law Enforcement Enterprise Portal (LEEP), and that the emails carried the subject line:

  • “Urgent: Threat actor in systems”

After investigating, the FBI itself confirmed that the content of the emails is fake. Immediately after the incident, the FBI helpdesk was flooded with calls from worried admins, and the agency has assured them that it is working hard and fast to fix the issue.

FBI internal servers that processed the emails

The following internal FBI servers processed the emails:

  • dap00025.str0.eims.cjis
  • wvadc-dmz-pmo003-fbi.enet.cjis
  • dap00040.str0.eims.cjis

Aimed at Destroying the Good Reputation of Security Researchers

The attacker’s main motive in this campaign is to destroy the reputation of Vinny Troia, a well-known figure in the cybersecurity industry and the founder of the dark web intelligence company Shadowbyte.

The US investigative agency then stated:

“This kind of situation is very rare and it’s quite hard to provide any strong information regarding the campaign.”

Austin Berglas, the cybersecurity head of BlueVoyant, stated that the FBI has several email systems, and that the one that was hacked is publicly available: FBI agents and employees can use it for electronic correspondence with citizens.

In this kind of campaign, threat actors generally use databases of public email addresses to send out spam emails.


Balaji N
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.