Hackers fire off hoax email messages from FBI account after exploiting misconfigured server

Written by
Nov 15, 2021 | CYBERSCOOP

Hackers sent a barrage of fake emails over the weekend using an FBI email account, the agency acknowledged, to falsely warn recipients that an attacker stole their information.

The nonprofit spam-tracking service Spamhaus Project estimated that the hoax email campaign comprised as many as 100,000 messages. The FBI said that the hackers temporarily broke in via a software misconfiguration for its Law Enforcement Enterprise Portal that the bureau uses to communicate with state and local law enforcement agencies.

“While the illegitimate email originated from an FBI operated server, that server was dedicated to pushing notifications for LEEP and was not part of the FBI’s corporate email service,” the FBI said in a Sunday update. “No actor was able to access or compromise any data or PII on the FBI’s network.”

The email campaign sought to smear Vinny Troia, a cybersecurity author and CEO of Night Lion Security, as the party responsible for the alleged stolen data. Someone going by the name Pompompurin reportedly claimed credit for the false emails, saying their intent was to expose a vulnerability in the FBI’s system.

“I could’ve 1000% used this to send more legit

Read More: https://www.cyberscoop.com/fbi-email-account-spamhaus-misconfigured-troia-pompompurin/