Hackers reportedly compromised a Federal Bureau of Investigation email system on Saturday and sent about 100,000 messages warning of a possible cyberattack, according to the agency and security specialists.
Fake emails appeared to come from a legitimate FBI email address ending in @ic.fbi.gov, the FBI said in a statement.
Although the hardware impacted by the incident was taken offline quickly upon discovery of the issue, the FBI said, “This is an ongoing situation.”
The hackers sent tens of thousands of emails warning of a possible cyberattack, threat-tracking organization Spamhaus Project said on its Twitter account.
A copy of an email posted by Spamhaus on Twitter showed a subject line of “Urgent: Threat actor in systems” and appeared to end with a sign-off from the Department of Homeland Security.
The FBI is part of the Department of Justice.
Both the FBI and Cybersecurity and Infrastructure Security Agency are aware of the incident, the FBI statement said.
The FBI has multiple email systems, and the one that appears to have been hacked on Saturday is a public-facing one that agents and employees can use to email the public, according to Austin Berglas, head of professional services at the cybersecurity company BlueVoyant.
There’s a separate email system agents are required to use when transmitting classified information, he said.
“This is not the classified system that was compromised,” said Berglas, who is also a former assistant special agent in charge of the FBI’s New York office cyber branch. “This is an externally facing account that is used to share and communicate unclassified information.”
The attacks started at midnight Saturday in New York with a subsequent campaign beginning at 2am, according to Spamhaus.
The nonprofit said it estimates the spam messages ultimately reached at least 100,000 mailboxes.
There was no malware attached to the emails, according to Spamhaus.
The group speculated that the hackers could have been attempting to smear Troia or were staging a nuisance attack to flood the FBI with calls.