Cybersecurity incident
Oversight Group: Hacker Sent Spam Emails Using FBI Portal
A European oversight group revealed that a malicious hacker sent spam emails from an FBI email server to at least 100,000 individuals.
The email referenced cybersecurity writer Vinny Troia and The Dark Overlord, a cybercriminal group that threatened to leak 9/11 information in 2019. Troia’s company, Night Lion Security, published research on the group in January. The email was issued by an actor who claimed to be a member of the Department of Homeland Security’s Cyber Threat Detection and Analysis Group, an organization that has not existed for at least two years, NBC News reported Monday.
The activity was reported by The Spamhaus Project, a European nonprofit organization that monitors spam emails. Alex Grosjean, a researcher at The Spamhaus Project, said the emails were sent to website administrators that are listed on the American Registry for Internet Numbers.
An FBI spokesperson said the perpetrator exploited a flaw in the agency’s Law Enforcement Enterprise Portal to send emails. The spokesperson noted that the hacker was not able to access FBI files or compromise data or personally identifiable information.
The FBI refused to share more information about the incident.
The spam blast comes following a series of high-profile cyberattacks on U.S. government networks, including the Russia-based SolarWinds hack and a Chinese-based campaign that prompted the Cybersecurity and Infrastructure Security Agency to issue a mandate for all government agencies to update their software.
Category: Cybersecurity