Hackers have hit the FBI’s email platform and sent fake messages from the system, the Federal Bureau of Investigation and the CISA (Cybersecurity and Infrastructure Security Agency) confirmed.
The FBI’s statement about the email compromise said:
“The FBI and CISA are aware of the incident this morning involving fake emails from an @ic.fbi.gov email account. This is an ongoing situation, and we are not able to provide any additional information at this time. The impacted hardware was taken offline quickly upon discovery of the issue. We continue to encourage the public to be cautious of unknown senders and urge you to report suspicious activity to ic3.gov or cisa.gov.”
Additional details about the FBI email attack, from spam threat intelligence organization Spamhous, suggested:
hackers sent “scary” emails from infrastructure that is owned by the FBI and the U.S. Department of Homeland Security (DHS). The fake warning emails were apparently sent to addresses scraped from ARIN database. They caused a lot of disruption because the headers are real, Spamhous asserted.The spam messages were sent by abusing insecure code in an FBI online portal, KrebsOnSecurity reported.
Stay tuned for additional updates on this story.