The FBI has fixed a misconfigured web portal that allowed hacktivists to send thousands of fake emails to recipients.
News emerged over the weekend that individuals were receiving emails purporting to come from the Department of Homeland Security (DHS) Network and Analysis Group, but which had been sent from a @ic.fbi.gov account.
According to screenshots shared on Twitter, they warned of “exfiltration of several of your virtualized clusters in a sophisticated chain attack” — blaming a noted security researcher for the ‘attack.’
In an update on Sunday, the Feds claimed a software configuration error allowed the actor to temporarily hijack the agency’s Law Enforcement Enterprise Portal (LEEP) to send the emails.
“LEEP is FBI IT infrastructure used to communicate with our state and local law enforcement partners. While the illegitimate email originated from an FBI-operated server, that server was dedicated to pushing notifications for LEEP and was not part of the FBI’s corporate email service,” it explained.
“No actor was able to access or compromise any data or PII on the FBI’s network. Once we learned of the incident, we quickly remediated the software vulnerability, warned partners to disregard the fake emails, and confirmed the integrity of our networks.”
The scam spam run appears to have been an attempt to troll security researcher Vinny Troia, claiming that he was responsible for the non-existent attacks and colluded with extortion gang TheDarkOverlord.
Troia shared screenshots indicating that the weekend spam run was likely the work of an individual linked to the @pompompur_in Twitter account.
In one exchange of messages he shared, the Twitter user expressed dismay that Troia’s account had accrued more followers because of the incident.