The US Federal Bureau of Investigation (FBI) is reportedly investigating malicious cyber activity on the agency’s network.

The federal law enforcement agency says it has already contained the “isolated incident” and is working to uncover its scope and overall impact.

“The FBI is aware of the incident and is working to obtain additional information,” the US Intelligence and Security Service told BleepingComputer.

“This is an isolated incident that has been contained. As this is an ongoing investigation, the FBI has no further comment at this time.”

CNN first reported Friday that it was a hacking incident involving an FBI field office computer system in New York used to investigate child sexual exploitation.

An FBI spokesperson was not immediately available for comment when BleepingComputer reached out earlier in the day asking for more details.

FBI mail servers hacked to send spam

In November 2021, FBI mail servers were also hacked to distribute spam mimicking the FBI’s “sophisticated chain attack” warnings.

After the hack, the attackers sent tens of thousands of such spam messages in multiple waves from eims@ic.fbi.gov, a legitimate email address linked to the FBI's Law Enforcement Enterprise Portal (LEEP).

According to Spamhaus, a non-profit spam tracking organization, these emails reached at least 100,000 mailboxes, though this was a very conservative estimate because the campaign “was potentially much, much more important”.

Spam email impersonating the FBI (Spamhaus)

“The FBI is aware of a software misconfiguration that temporarily allowed an actor to exploit the Law Enforcement Enterprise Portal (LEEP) to send fake emails. LEEP is the infrastructure FBI computers used to communicate with our state and local law enforcement partners,” the FBI said at the time.

“While the illegitimate email originated from a server operated by the FBI, this server was dedicated to sending notifications for LEEP and was not part of the FBI’s corporate email service. No actor could access or compromise data or PII on the FBI network.”

