Date: Monday, November 15, 2021 10:14:30 -0500
From: Christopher Morrow <morrowc.lists@gmail.com>
https://www.washingtonpost.com/nation/2021/11/14/fbi-hack-email-cyberattack/
On Mon, Nov 15, 2021, 09:56 Glenn McGurrin wrote:
I had a bit of an odd one this morning: I received two emails through contacts listed in whois, subject: "Urgent: Threat actor in systems" from "eims@ic.fbi.gov". I was all set to ignore them as an odd bit of spam but did a quick check on the headers and was surprised to see it had valid DKIM and SPF and was from an actual FBI IP, cue real worry starting. Luckily it looks like it was a case of something being hacked on the FBI's end as calling they immediately knew what I was calling about and said they had dealt with the compromised equipment. Further googling after that call shows a few more reports of this ex. https://twitter.com/spamhaus/status/1459450061696417792 and
Seems it wasn't an actual "intrusion" [into an FBI email system], rather simply taking advantage of a very badly configured web site to send out the messages [from an FBI machine]. <https://krebsonsecurity.com/2021/11/hoax-email-blast-abused-poor-coding-in-fbi-website/>