The Federal Bureau of Investigation (FBI) email server was hacked on Saturday night and was used to send spam emails with a warning of a cyberattack to at least 100,000 people and companies.
The email whose subject line was “Urgent: Threat Actor in Systems,” was signed off as the U.S. Department of Homeland Security’s Cyber Threat Detection and Analysis Group which has not existed for two years.
The FBI said in a statement “It is aware of a software misconfiguration that temporarily allowed an actor to leverage the Law Enforcement Enterprise Portal (LEEP) to send fake emails”. LEEP is FBI’s IT infrastructure used to communicate with state and local law enforcement partners.
The agency noted that while the fake email originated from an FBI operated server, the actor was not able to access or compromise any data or personal identifiable information (PII) data on its network.
It added: “Once we learned of the incident, we quickly remediated the software vulnerability, warned partners to disregard the fake emails, and confirmed the integrity of our networks”.
The email claimed that cybersecurity expert and Founder of Night Lion Security Vinny Troia, who did an investigation of the hacker group The Dark Overload, was the threat actor.
In 2017, The Dark Overlord compromised Disney and Netflix systems and threatened to release advanced copies of their studio productions if their ransom demands were not met.