Hackers targeted the FBI’s email system over the weekend and spewed out tens of thousands of official-looking emails that warned of a cyberattack, according to the bureau.
The emails came from the @ic.fbi.gov address and warned people of a “threat actor” in their systems.
The FBI on Sunday blamed a software misconfiguration that temporarily allowed someone to leverage the Law Enforcement Enterprise Portal it uses to communicate with state and local partners.
“While the illegitimate email originated from an FBI operated server, that server was dedicated to pushing notifications for LEEP and was not part of the FBI’s corporate email service,” the bureau tweeted, adding that hackers were unable to compromise data on its network. “Once we learned of the incident, we quickly remediated the software vulnerability, warned partners to disregard the fake emails, and confirmed the integrity of our networks.”
A security-monitoring group, Spamhaus, posted a screenshot of the emails that shows a meandering and technical message warning of cyberattacks led by a guy named Vinny who is connected to an extortion gang.
The signoff at the bottom suggests the fake email is from the U.S. Department of Homeland Security.