Cyber criminals breached the FBI’s external emails over the weekend, sending out a fake warning message to thousands of people.
The United States’ Federal Bureau of Investigation confirmed that a software loophole enabled threat actors to gain access into the organisation’s Law Enforcement Enterprise Portal (LEEP), where threat actors sent fake warning emails to thousands of people and organisations across the US.
The LEEP, the FBI explained, is an IT infrastructure that the bureau uses to communicate with other state and local law enforcement entities. The FBI has reassured the public that the email server was not part of the bureau’s larger email network.
“While the illegitimate email originated from an FBI operated server, that server was dedicated to pushing notifications for LEEP and was not part of the FBI’s corporate email service,” a release from the bureau read.
“No actor was able to access or compromise any data or PII on the FBI’s network. Once we learned of the incident, we quickly remediated the software vulnerability, warned partners to disregard the fake emails and confirmed the integrity of our networks.”
The FBI confirmed that the emails originated from an @ic.fbi.gov email account, and that the exploitable vulnerability has been fixed.
The fake emails, interestingly, warned users of a hack in the FBI’s network and were addressed from the US Department of Homeland Security.
These emails look like this:— Spamhaus (@spamhaus) November 13, 2021
Sending IP: 22.214.171.124 (https://t.co/En06mMbR88)
Subject: Urgent: Threat actor in systems pic.twitter.com/NuojpnWNLh
Threat intelligence organisation Spamhaus theorised on Twitter that the email may be part of a “scare-ware” campaign.
“It's a guess, but our thought is that it's a combination scare-ware (get people to shut things down or make changes in a hurry), and a character assassination against the guy named in it, AND a way to make the FBI scramble,” according to Spamhaus’ Twitter account.
The perpetrator remains unknown.
[Related: mySA GOV digital licence accounts hacked]