FBI's hacked email server sent 100K fake messages
A threat actor sent emails from the Federal Bureau of Investigation (FBI) email server to more than 100,000 people, warning them that they were under cyberattack.
The attacker exploited a misconfiguration in the FBI's Law Enforcement Enterprise Portal (LEEP) online application to send legitimate-looking alerts to partners warning them that they had suffered a cyberattack.
The fake emails were sent from the compromised official FBI email network Friday night with an @ic.fbi.gov domain.
The threat actor falsely told recipients that they had become victims of a "sophisticated chain attack" attributed to Vinny Troia, a reputable cybersecurity author.
Vincenzo Troia denied any connection to the incident shortly after its discovery.
The FBI confirmed the cyber incident and disclosed details of the attack. According to the FBI, the hacker was unable to access any private data, and the compromised FBI server was used only to push notifications for the Law Enforcement Enterprise Portal (LEEP) and was not connected to the FBI's corporate email network.
Austin Berglas, head of the US Cyber Investigations and Incident Response practice, commented on the incident. Berglas believes that the recent cyberattack could lead to serious consequences.
"It could have been a lot worse. When you have ownership of a trusted dot-gov account like that, it can be weaponized and used for pretty nefarious purposes. [The FBI] probably dodged a bullet."