At least 100,000 people received spam emails from a Federal Bureau of Investigation email server on the night of Friday, November 12, after hackers compromised the system. According to Bloomberg, the message contained warnings of a possible cyberattack. The FBI noted in a statement that the spam emails appeared to have been sent from a legitimate FBI email address ending in @ic.fbi.gov.
The FBI noted in a statement that the impacted hardware was taken offline quickly upon discovery of the issue. "We continue to encourage the public to be cautious of unknown senders and urge you to report suspicious activity to ic3.gov or cisa.gov." The FBI further noted that this is an "ongoing situation" and no additional information is available at the moment.
'The Dark Overlord'
The email message sent by the alleged hacker was a strange, technically incomprehensible warning that referenced cybersecurity writer Vinny Troia and a cybercriminal group called 'The Dark Overlord.' Troia's company, Night Lion Security, published a paper on that group in January. The hacker's motives are not yet clear, and it is not known to what extent the FBI's servers have been compromised.
'Poor coding on FBI portal'
The hacker signed off the emails as the US Department of Homeland Security's Cyber Threat Detection and Analysis Group, which has not existed for at least two years. Investigative journalist Brian Krebs alleged that the "person claiming responsibility says they were able to send the messages by abusing poor coding on an FBI portal." Threat-tracking organization Spamhaus Project posted a copy of the email on its Twitter account, which showed a subject line of "Urgent: Threat actor in systems". Spamhaus also reported that the "fake warning emails were apparently being sent to addresses scraped from the ARIN database."
A number of US government networks have been compromised in recent months, including by a Russian-based attack that breached at least nine federal agencies. A Chinese hacking attack was so severe that the Cybersecurity and Infrastructure Agency issued a mandate to all government agencies to update their software.