After reports from experts from the European organization Spamhaus, the US Federal Police confirmed that false emails attributed to the US Department of Homeland Security were sent on Saturday from a secure FBI computer server.
In a statement, the FBI and the Cybersecurity and Infrastructure Agency (CISA) confirmed the incident, without providing details.
According to their statement, “The FBI and CISA are aware of the incident this morning involving fake emails from an account at @ic.fbi.gov.” They add: “This is an ongoing situation and we cannot provide any further information at this time,” noting that “affected items were taken offline quickly after the issue was discovered.”
“We continue to encourage the public to be vigilant about anonymous senders and ask that you report any suspicious activity,” the statement continued.
There was no indication how these emails were sent, either by someone authorized to access the server or by an outside hacker.
According to Spamhaus information, a large number of fake emails were sent in two waves early Saturday from an address on a government business law enforcement portal, used by many government agencies.
Some of the emails, sent on behalf of the group responsible for detecting cyber attacks at the Department of Homeland Security, read: “Urgent, your systems are at risk.”
These emails warned their recipients that they were the target of a “sophisticated” attack by a known gang that specializes in extortion, according to Spamhaus.
Brian Krebs, an independent cybersecurity expert, explained that he had received a fake email from an FBI address, but with another message.
“Certified food fanatic. Extreme internet guru. Gamer. Evil beeraholic. Zombie ninja. Problem solver. Unapologetic alcohol lover.”