Fake Emails Sent from FBI Servers - Threatwire

By Shannon Morse, ThreatWire

The FBI's email servers were used to send fake emails to at least 100,000 inboxes, according to the international threat intelligence organization Spamhaus, which tweeted about the issue on November 13. These emails told recipients that their networks had been breached and data had been stolen. They purported to be warnings about a sophisticated chain attack brought on by an advanced threat actor named in the email as Vinny Troia, which happens to be the name of the head of security research at a dark web intelligence firm. Vinny believes the sender to be a specific malicious actor who apparently has a long-standing rivalry with the researcher.

The emails went out in two waves. The first was at 5 AM UTC and the second at around 7 AM UTC. They appeared to come from legit email addresses at fbi.gov, specifically the FBI's Law Enforcement Enterprise Portal (LEEP), and they came from the FBI's real IP address. LEEP is used to communicate with state and local law enforcement partners. The origin was also verified by DKIM signature. The FBI opened an investigation and believes the emails were sent due to a software misconfiguration that temporarily allowed the attacker to send fake emails. Registering on LEEP just required filling out contact info and being sent a one-time passcode for authentication, and this code was leaked in the HTML of the webpage. So the attacker could change the parameters to create an email and automate the sending of emails.
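The passcode flaw described above, next to a hardened version, as an added example (not code from the FBI, LEEP or ThreatWire). All function names, field names and the in-memory store and outbox are assumptions made for illustration:

```python
import hashlib, hmac, secrets, time

OTP_TTL = 600   # seconds a passcode stays valid (assumed value)
_pending = {}   # email -> (salt, digest, expiry); stands in for a server-side store
outbox = []     # stands in for the mail transport

def _digest(salt, code):
    return hashlib.sha256(salt + code.encode()).digest()

def start_registration_leaky(email):
    """Flawed pattern: the passcode and message fields go back to the browser."""
    code = f"{secrets.randbelow(10**6):06d}"
    # Anything placed in the page is readable and editable by whoever loads it.
    return {"status": "sent", "otp": code,
            "subject": "Your passcode", "body": f"Your passcode is {code}"}

def start_registration(email, now=None):
    """Hardened: the code is generated, stored (hashed) and mailed server-side."""
    now = time.time() if now is None else now
    code = f"{secrets.randbelow(10**6):06d}"
    salt = secrets.token_bytes(16)
    _pending[email] = (salt, _digest(salt, code), now + OTP_TTL)
    # Fixed template: no client-supplied subject or body reaches the mailer.
    outbox.append({"to": email, "subject": "Your one-time passcode",
                   "body": f"Your passcode is {code}"})
    return {"status": "sent"}   # nothing secret in the response

def verify(email, code, now=None):
    """Single-use, expiring check with a constant-time comparison."""
    now = time.time() if now is None else now
    entry = _pending.pop(email, None)   # removed on the first attempt
    if entry is None:
        return False
    salt, digest, expiry = entry
    return now <= expiry and hmac.compare_digest(digest, _digest(salt, code))
```
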

So where did the attacker get the recipient email addresses? According to Spamhaus, they were scraped from the ARIN database, which is the American Registry for Internet Numbers. The FBI did state that this was fake, and it was probably a prank, given that their support desks are totally bogged down with concerned users.

Prank or not, the FBI is taking it seriously. They mention the actor wasn't able to access PII or the corporate network. They also stated they remediated the software vulnerability within a day of learning of the incident, and they confirmed “integrity of their networks”.

FBI Spam:

https://www.bleepingcomputer.com/news/security/fbi-system-hacked-to-email-urgent-warning-about-fake-cyberattacks/

https://twitter.com/spamhaus/status/1459451401269043201

https://twitter.com/vinnytroia/status/1459515619838251010

https://thehackernews.com/2021/11/fbis-email-system-hacked-to-send-out.html

https://krebsonsecurity.com/2021/11/hoax-email-blast-abused-poor-coding-in-fbi-website/

https://www.fbi.gov/news/pressrel/press-releases/fbi-statement-on-incident-involving-fake-emails

