FBI is 'HACKED and spam emails about fake cyberattacks are sent out from gov system'

THE Federal Bureau of Investigation (FBI) had its email system hacked this morning, sending out fake messages about cyberattacks.

The rogue emails, sent from the FBI’s email infrastructure, are said to contain a warning from the Department of Homeland Security (DHS) concerning a cyberattack.


The non-profit organization Spamhaus Project, based in Andorra and Switzerland, which tracks spam, said in a Twitter message that its analysis showed the unusual emails were being sent to addresses "scraped" from the American Registry for Internet Numbers (ARIN) database.

"We have been made aware of 'scary' emails sent in the last few hours that purport to come from the FBI/DHS [Department of Homeland Security]," the Spamhaus Project said in a post on Twitter.

"While the emails are indeed being sent from infrastructure that is owned by the FBI/DHS (the LEEP portal), our research shows that these emails *are* fake."

Social media users have reported receiving the oddly worded email which refers to a “sophisticated chain attack” and makes reference to “the extortion gang TheDarkOverlord”.

The fake email came from the address [email protected], was signed off with the message “Stay safe” and claimed to be from the DHS.

It added the terms "Cyber Threat Detection and Analysis" and "Network Analysis Group" to the end of the message.

"We highly recommend you to check your systems and IDS monitoring. Beware this threat actor is currently working under inspection of the NCCIC, as we are dependent on some of his intelligence research we can not interfere physically within 4 hours, which could be enough time to cause severe damage to your infrastructure," the email read.

The email had "Urgent: Threat actor in systems" in its subject line.

"These fake warning emails are apparently being sent to addresses scraped from ARIN database," the Spamhaus Project tweeted.

"They are causing a lot of disruption because the headers are real, they really are coming from FBI infrastructure. They have no name or contact information in the .sig [signature block]. Please beware!"

In response to a question from a Twitter user about blocking the server in order to give the FBI time to fix the issue, the Spamhaus Project tweeted: "Our telemetry indicates that there were two 'spam' waves, one shortly before 5 AM (UTC) [12 a.m. ET] and another one shortly after 7 AM (UTC) [2 a.m. ET]. The FBI has been getting many calls about it. We are therefore refraining from further actions against the sending IP addresses."

