What just happened? An email warning of a sophisticated cyberattack has recently been identified as a hoax sent using real FBI servers. The Spamhaus Project, an international organization that supports companies and law enforcement agencies around the world in the area of cyber threats, has identified several thousand emails delivered in multiple waves early Saturday morning. The organization's researchers and analysts believe these messages are only a small part of a larger attack.
The fraudulent messages appear to have been sent from the FBI's corporate law enforcement portal using a valid FBI email address. Spamhaus Project analysts confirmed that the messages did indeed come from the Bureau's servers, citing both the actual IP address used and the email header information included in the message. The fake warning, sent to legitimate addresses taken from the American Registry for Internet Numbers (ARIN), presumably reached at least 100,000 valid recipients.
While the message did not appear to contain any malicious payload, it wasted no time in attempting to frame a well-known cybersecurity expert for this event. Vinny Troia, Ph.D., founder of the dark web intelligence firm Shadowbyte, was named as the culprit in the fake attack. This is not the first time he has been targeted by this kind of attack. In another recent incident involving the website of the National Center for Missing Children, an attacker accessed the site's blog and left a message in which Troia was accused of pedophilia.
These letters look like this:
– Spamhaus (@spamhaus) 13 November 2021
The FBI has released a statement to BleepingComputer saying it has no further information at this time, but it calls on recipients to report suspicious activity when detected.
“The FBI and CISA are aware of the incident this morning involving bogus emails from the @ic.fbi.gov email account. This is a permanent situation and we are unable to provide any further information at this time. We continue to encourage the public to be wary of unknown senders and persuade you to report suspicious activity to www.ic3.gov or www.cisa.gov.”
The attack appears to be another in a series carried out by a man (or group) called “pompompurin”. Screenshots posted to Troia's social media account support his previous claims that he usually receives messages before any attack or attempt to discredit him. In addition to this latest incident, Troia has been a constant target of the RaidForums hacking community, which has carried out several similar attacks in the past to deface websites and undermine Troia's credibility.
Image Credit: Spamhaus