Tens of thousands of fake cyber attack warnings have been sent from an FBI email server, prompting the spook agency to launch an investigation.
The threat was first flagged by cyber security experts on social media. The FBI have now confirmed they are ‘aware of the incident this morning involving fake emails from an @ic.fbi.gov email account.’
These emails look like this:
Sending IP: 153.31.119.142 (https://t.co/En06mMbR88)
From: eims@ic.fbi.gov
Subject: Urgent: Threat actor in systems
pic.twitter.com/NuojpnWNLh
— Spamhaus (@spamhaus) November 13, 2021
The email account concerned was used for communication between the spook agency and members of the public, and initial reports state that no classified information was held on the servers.
The following chart shows email traffic originating from the FBI mailserver (https://t.co/En06mMbR88 | 153.31.119.142) involved. You can clearly see the two spikes caused by the fake warning last night. Timestamps are in UTC. pic.twitter.com/vPKvzv74gW
— Spamhaus (@spamhaus) November 13, 2021
I asked the FBI for comment. Here's what they said: "The FBI and CISA are aware of the incident this morning involving fake emails from an @ic.fbi.gov email account. This is an ongoing situation and we are not able to provide any additional information at this time." https://t.co/9ZO8poygDC
— briankrebs (@briankrebs) November 13, 2021