FBI Says Its System Was Exploited to Email Fake Cyberattack Alert

The alert was mumbo jumbo, but it was indeed sent from the bureau’s
email system, from the agency’s own internet address.

The FBI admitted on Monday morning that an attacker exploited a flaw in how an agency messaging system is configured: a flaw that let an unknown party send out a flood of fake “urgent” warnings about bogus cyberattacks.

The Spamhaus Project, a European nonprofit that monitors email spam, detected the exploit and tweeted about it early Saturday morning, saying that “We have been made aware of ‘scary’ emails sent in the last few hours that purport to come from the FBI/DHS. While the emails are indeed being sent from infrastructure that is owned by the FBI/DHS (the LEEP portal), our research shows that these emails *are* fake.”

We have been made aware of “scary” emails sent in the last few hours that purport to come from the FBI/DHS. While the emails are indeed being sent from infrastructure that is owned by the FBI/DHS (the LEEP portal), our research shows that these emails *are* fake.

— Spamhaus (@spamhaus) November 13, 2021

Late on Friday night, the FBI/DHS’s infrastructure – specifically, the Law Enforcement Enterprise Portal (LEEP) –

Read More: https://threatpost.com/fbi-system-exploit-email-fake-cyberattack-alert/176333/