Hundreds of thousands of fake warnings of cyberattacks sent from a hacked FBI email server
Threat actors hacked email servers of the FBI to distribute spam email impersonating FBI warnings of fake cyberattacks.
The FBI's email servers were hacked to distribute spam impersonating Department of Homeland Security (DHS) warnings about fake sophisticated chain attacks from an advanced threat actor. The message tells recipients that their network has been breached and that the threat actor has stolen their data.
“Our intelligence monitoring indicates exfiltration of several of your virtualized clusters in a sophisticated chain attack. We tried to blackhole the transit nodes used by this advanced persistent threat actor, however there is a huge chance he will modify his attack with fastflux technologies, which he proxies trough multiple global accelerators. We identified the threat actor to be Vinny Troia, whom is believed to be affiliated with the extortion gang TheDarkOverlord” reads the message.
Curiously, the fake emails claim that the attack was carried out by a threat actor known as Vinny Troia, but Troia is the head of security research of threat intelligence firms NightLion and Shadowbyte.
The Spamhaus Project, an international nonprofit organization that monitors spam campaigns, warned of emails that purport to come from the FBI/DHS. The fake warnings are apparently being sent to addresses scraped from the ARIN database.
We have been made aware of “scary” emails sent in the last few hours that purport to come from the FBI/DHS. While the emails are indeed being sent from infrastructure that is owned by the FBI/DHS (the LEEP portal), our research shows that these emails *are* fake.
— Spamhaus (@spamhaus) November 13, 2021
These emails look like this:
Sending IP: 153.31.119.142 (https://t.co/En06mMbR88)
From: eims@ic.fbi.gov
Subject: Urgent: Threat actor in systems pic.twitter.com/NuojpnWNLh
— Spamhaus (@spamhaus) November 13, 2021
The fake emails were sent from the IP address 153.31.119.142 (mx-east-ic.fbi.gov); the sender appears to be the Federal Bureau of Investigation’s Law Enforcement Enterprise Portal (LEEP) (eims@ic.fbi.gov).
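Because the messages left infrastructure the FBI really owns, a recipient cannot dismiss them by sending host alone, but can search stored mail for the indicators above. The following is an added example, not code from the article or from Spamhaus; the sample messages, the recipient MX `mx.example.org`, the relay `relay.example.net` and the timestamps are constructed, and treating only the topmost `Received` header as trustworthy is an assumption about the recipient's mail path.

```python
import email
import re
from email import policy
from email.utils import parseaddr

# Indicators as published on this page (Spamhaus tweet and article body).
SENDING_IP = "153.31.119.142"
FROM_ADDR = "eims@ic.fbi.gov"
SUBJECT = "urgent: threat actor in systems"
IPV4 = re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b")

def classify(raw, trusted_hops=1):
    """Return 'campaign', 'lookalike' or 'unrelated' for one raw message.

    Only the topmost `trusted_hops` Received headers are read. Assumption:
    those were written by the recipient's own servers; everything below
    them is supplied by the sending side and can be forged.
    """
    msg = email.message_from_bytes(raw, policy=policy.default)
    sender = parseaddr(str(msg.get("From", "")))[1].lower()
    subject = " ".join(str(msg.get("Subject", "")).lower().split())
    if sender != FROM_ADDR or subject != SUBJECT:
        return "unrelated"
    hops = msg.get_all("Received", [])[:trusted_hops]
    ips = {ip for hop in hops for ip in IPV4.findall(str(hop))}
    return "campaign" if SENDING_IP in ips else "lookalike"

# Constructed samples: mx.example.org is a hypothetical recipient MX, the
# timestamps are invented, and 203.0.113.7 is a documentation address.
HEAD = (b"From: eims@ic.fbi.gov\r\n"
        b"Subject: Urgent: Threat actor in systems\r\n\r\n(body omitted)\r\n")
FROM_LISTED_IP = (
    b"Received: from mx-east-ic.fbi.gov (mx-east-ic.fbi.gov [153.31.119.142])\r\n"
    b"\tby mx.example.org with ESMTP; Sat, 13 Nov 2021 05:00:00 +0000\r\n" + HEAD
)
FORGED_LOWER_HOP = (
    b"Received: from relay.example.net (relay.example.net [203.0.113.7])\r\n"
    b"\tby mx.example.org with ESMTP; Sat, 13 Nov 2021 06:00:00 +0000\r\n"
    b"Received: from mx-east-ic.fbi.gov ([153.31.119.142])\r\n"
    b"\tby relay.example.net with ESMTP; Sat, 13 Nov 2021 05:59:00 +0000\r\n" + HEAD
)

if __name__ == "__main__":
    for name, raw in [("listed ip", FROM_LISTED_IP), ("forged hop", FORGED_LOWER_HOP)]:
        print(name, "->", classify(raw))
```

A "lookalike" result means the From and Subject match the campaign but the hop recorded by the recipient's own server does not show the listed IP, so the message is a copy relayed from elsewhere.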
Vinny Troia blamed a threat actor known as “pompompurin” as the author of the attack.
Wow I can’t imagine who would be behind this. #thedarkoverlord aka @pompompur_in https://t.co/Xd6XoZNRnl
— Vinny Troia, PhD (@vinnytroia) November 13, 2021
Pierluigi Paganini
International Editor-in-Chief
Cyber Defense Magazine