The e-mail, which came from "eims@ic.fbi.gov," the Law Enforcement Enterprise Portal's main address, stated: "Urgent: Threat Actor in Systems."
The message states that a threat actor identified as "Vinny Troia" with ties to extortion gangs was in the receiver's system, and that the reader should "check your systems" and monitoring.
In reality, Vinny Troia is the founder of Shadowbyte, a cybersecurity company that offers a suite of products to combat threats.
The mention of Troia has caused many to assume the perpetrator is a hacker who has had back and forth with Troia for some time, known as “pompompurin. “
The FBI released a statement, saying that “The FBI and CISA [the Cybersecurity and Infrastructure Security Agency] are aware of the incident this morning involving fake emails from an @ic.fbi.gov email account. This is an ongoing situation and we are not able to provide any additional information at this time. The impacted hardware was taken offline quickly upon discovery of the issue. We continue to encourage the public to be cautious of unknown senders and urge you to report suspicious activity to www.ic3.gov or www.cisa.gov.”