September 23, 2021
An as-yet unidentified actor hacked a Federal Bureau of Investigation (FBI) server and used it to send some 100,000 spam emails warning of an alleged systems breach. The rambling way the message was written and its many nonsensical technical details make it look like a prank or an act of revenge.
On November 13, the FBI announced they were aware of a threat actor taking over one of their servers to impersonate the Bureau and send misleading spam emails from a "@ic.fbi.gov" email account and said the affected hardware was taken offline immediately.
The first reports came from Spamhaus, a Europe-based nonprofit that tracks spam, which noted that the recipients appear to be email addresses scraped from the American Registry for Internet Numbers (ARIN) database. A sample of the email that was sent was published and can be seen below.
What is interesting to note is that the rambling text reads, "We identified the threat actor to be Vinny Troia, who is believed to be affiliated with the extortion gang TheDarkOverlord." For the record, Vinny Troia is the CEO of Night Lion Security. The gang and the researcher have a history: in May 2021, Troia linked ShinyHunters with TheDarkOverlord in a detailed infographic. The hackers then targeted Data Viper in revenge for the researcher's efforts to identify and expose them, and they were eventually linked to the MGM Resorts hack, which mobilized law enforcement and allegedly forced the group to change its name.
On November 14, the FBI made another public statement, clarifying that the server belonged to the Law Enforcement Enterprise Portal (LEEP), was used only to push notifications, was not part of the FBI's corporate email service, and that no data or PII were compromised.
The FBI is aware of a software misconfiguration that temporarily allowed an actor to leverage the Law Enforcement Enterprise Portal (LEEP) to send fake emails. LEEP is FBI IT infrastructure used to communicate with our state and local law enforcement partners. While the illegitimate email originated from an FBI operated server, that server was dedicated to pushing notifications for LEEP and was not part of the FBI’s corporate email service. No actor was able to access or compromise any data or PII on the FBI’s network. Once we learned of the incident, we quickly remediated the software vulnerability, warned partners to disregard the fake emails, and confirmed the integrity of our networks.