What happened? It was recently revealed that an email warning about a sophisticated cyber attack is a hoax perpetrated using real FBI servers. The Spamhaus Project, an international organization that supports law firms and organizations around the world, identified thousands of emails sent in multiple waves early Saturday morning. Researchers and analysts believe the messages are only a small part of a larger attack.
The fake messages appear to have been sent from the FBI Law Enforcement Portal using a valid FBI email address. Analysts at the Spamhaus Project confirmed that the source actually came from the office servers, noting the actual IP address used and email header information in the message. The fake alert, which was sent to legal addresses taken from the US Nonprofit Registration Database (ARIN), is believed to have reached at least 100,000 real recipients.
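The kind of header check described above, sketched as an added example (not Spamhaus's tooling and not code from the original article): it reads only the Received and Authentication-Results lines stamped by the recipient's own gateway. The sample message, hostnames and IPs are constructed placeholders, and `origin_report` and `our_mx` are hypothetical names.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: hostnames, addresses and IPs are placeholders
# (example domains, RFC 5737 ranges), not values from the incident.
SAMPLE = """\
Authentication-Results: mx.recipient.example; spf=pass smtp.mailfrom=agency.example; dkim=pass header.d=agency.example
Received: from mail.agency.example (mail.agency.example [192.0.2.25])
\tby mx.recipient.example with ESMTPS; Sat, 13 Nov 2021 07:00:00 +0000
Received: from forged.invalid (unknown [203.0.113.9])
\tby mail.agency.example with ESMTP; Sat, 13 Nov 2021 06:59:58 +0000
From: alerts@agency.example
Subject: Constructed test alert

body
"""

def origin_report(raw, our_mx):
    """Summarise what the recipient's own gateway (our_mx) recorded."""
    msg = message_from_string(raw)
    report = {"from_domain": parseaddr(msg.get("From", ""))[1].rpartition("@")[2],
              "connecting_ip": None, "spf": None, "dkim": None}
    # Only the Received line stamped by our own MX is trustworthy; anything
    # below it was written by the sender's side and can be fabricated.
    for hop in msg.get_all("Received", []):
        hop = " ".join(hop.split())  # unfold continuation lines
        m = re.search(r"\[([0-9a-fA-F.:]+)\]\)? by (\S+)", hop)
        if m and m.group(2).lower() == our_mx:
            report["connecting_ip"] = m.group(1)
            break
    # Likewise, trust only Authentication-Results whose authserv-id is ours.
    for ar in msg.get_all("Authentication-Results", []):
        authserv, _, results = " ".join(ar.split()).partition(";")
        if authserv.strip().lower() != our_mx:
            continue
        for method in ("spf", "dkim"):
            m = re.search(rf"\b{method}=(\w+)", results)
            if m:
                report[method] = m.group(1)
    return report
```

A report showing the sender's real IP with `spf=pass` and `dkim=pass` confirms which infrastructure sent the message; as this incident shows, it says nothing about whether the content is legitimate.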
While the message does not appear to contain Be Destructive. Bellod wasted no time trying to appoint a leading cyber security expert to this event. Dr. Winnie Troia, founder of Shadowbyte Dark Web Intelligence, has been identified as a threatened actor. This isn't the first time he's been targeted by this type of attack. In another recent incident related to the National Center for Missing Children, an attacker accessed the site's blog and published a post accusing Troia of being a pedophile.
The forms are: Send IP: 188.8.131.52 (https://t.co/En06mMbR88); From: email@example.com; Topic: Immediate: Threats in systems. (Spamhaus, @spamhaus, November 13, 2021)
The FBI has issued a statement to BleepingComputer indicating that no further information is currently available, but urges recipients to report any suspicious activity if identified.
“The FBI and CISA are aware of an incident this morning involving fake emails from an @ic.fbi.gov email account. We encourage you to beware of unknown senders and ask that you report suspicious activity to www.ic3.gov or www.cisa.gov.”
This attack appears to be mostly the same in a field performed by an individual (or group) called a 'bompoporin'. Screenshots posted to Troia's social media account support her earlier claims that she usually receives messages before an attack or attempt to discredit her. In addition to this latest incident, Troia has been a frequent target of the hacker community RaidForums, which has carried out many similar attacks in the past to destroy websites and damage Troia's credibility.
Hackers use real FBI servers to send fake cyber attack alerts