Header Ads

Someone Hacked the FBI & Sent Fake Cybersecurity Email Warnings

Unidentified hackers have breached an FBI email server and sent tens of thousands of spam messages about a fake cyberattack. Cybercrime has been on an upswing during the pandemic, with many companies reporting massive data breaches over the past year and a half. This year, one of the most prominent cyberattacks was the Colonial Pipeline hack that resulted in a massive fuel shortage across vast parts of the United States. The commission-free stock trading app Robinhood also recently disclosed a massive hack affecting millions of its customers.

Phishing has also emerged as one of the most persistent problems, with Microsoft earlier this year uncovering a massive operation called BulletProofLink that offers phishing-as-a-service, or PhaaS. Cryptocurrency scams and ransomware attacks have also been on the rise, with numerous cases coming to light in recent times. Other reports suggest that scammers carry out crypto frauds via popular dating apps, such as Tinder, Bumble and Grindr. Criminals are also resorting to SIM-swapping scams and using AI voice-cloning techniques to swindle banks out of millions of dollars.

Related: T-Mobile Hack Affects 47 Million Users — How To Know If You're Included

The FBI on Saturday announced that one of its email servers was hacked into by unidentified malicious actors. Following the unauthorized access, the fbi.gov domain name and internet address were used to send thousands of hoax emails that impersonated the FBI's authentic cyberattack warnings. According to the FBI, a "software misconfiguration" allowed the unidentified threat actor to access its portal and send out the hoax emails. The FBI has since clarified that no valuable data or personal identifiable information has been leaked in the hack. The agency also said that it had mitigated the vulnerability and warned everybody to disregard the spam emails.

The FBI also clarified that the compromised server did not communicate any classified information and was only used by agents to communicate unclassified information with state and local law enforcement agencies. As for the hoax emails, they were sent out under the banner of the U.S. Department of Homeland Security and claimed that the FBI is investigating a massive cybersecurity incident whereby the recipients' systems were hacked and their data were stolen.

The emails tried to implicate a well-known cybersecurity researcher named Vinny Troia for the fictitious attacks. Troia is the head of security research at the dark web intelligence companies NightLion and Shadowbyte and is not believed to be under FBI investigation. On his part, Troia reportedly claimed that someone known online as 'pompompurin' might be behind the attack as they have been involved with similar smear campaigns against him in the past.

Next: Apple Pay With Visa Can Be Remotely Hacked, But Should You Be Worried?

Source: FBI, Bleeping Computer

No comments:

Powered by Blogger.