
At least 100K fake emails from FBI server, threat tracker says


At least 100,000 fake emails were sent from the FBI’s mail server on Saturday, according to a threat tracking service.

The FBI said in a statement on Sunday, however, that those behind the emails were not able to “access or compromise” any data on the agency’s network.

The FBI said that “an actor” was able to gain access to the Law Enforcement Enterprise Portal (LEEP) to send the fake emails.

LEEP is used to communicate with state and local law enforcement partners.


The emails came from an FBI server that was dedicated to pushing notifications for LEEP and was not part of the FBI’s corporate email service.


“Once we learned of the incident, we quickly remediated the software vulnerability, warned partners to disregard the fake emails, and confirmed the integrity of our networks,” the FBI said.

The Spamhaus Project, a non-profit that tracks email cyber-threats, said in a statement on Saturday that there were two emailing campaigns at 5 a.m. and 7 a.m. on the day of the attack.

According to its telemetry, Spamhaus believes at least 100,000 mailboxes were hit, but said, “the campaign was potentially much much larger.”

It said the recipient addresses seem to have been scraped from the American Registry for Internet Numbers (ARIN), which is also the internet registry for Canada.


The FBI did not give a reason for the emails, as the situation is ongoing.

According to Spamhaus, the emails had the subject “Urgent: Threat actor in systems,” warned of a possible cyberattack and were signed Department of Homeland Security, though the FBI is part of the Department of Justice.

The emails also identified Vinny Troia as a “threat actor” associated with the hacking group The Dark Overlord.

In fact, Troia is the founder of the cybersecurity company Night Lion Security, which released a detailed report on The Dark Overlord in 2020.

Spamhaus said the emails could be a “character assassination” of Troia from the hacking group.


Night Lion’s report said the group, headed by 19-year-old Christopher Meinuer, was responsible for 30 per cent of non-credit card global data breaches between 2016 and 2020 and for extorting Disney and Netflix in 2017.

Meinuer lives in Calgary, according to the report.
