The nonprofit Spamhaus, which tracks spam e-mails, noticed tens of thousands of urgent FBI bulletins going out the morning of November 13. These bulletins, warning of a "sophisticated chain attack," were sent by the FBI's servers. In actuality, a hacker had been able to get into the Bureau's e-mail notification system to distribute the false warnings.
The e-mail, which came from "eims@ic.fbi.gov," the Law Enforcement Enterprise Portal's main address, stated: "Urgent: Threat Actor in Systems."
The message stated that a threat actor identified as "Vinny Troia," with ties to extortion gangs, was in the recipient's system, and that the reader should "check your systems" and monitoring.
In reality, Vinny Troia is the founder of Shadowbyte, a cybersecurity company that offers a suite of products to combat threats.
The mention of Troia has caused many to assume the perpetrator is a hacker known as “pompompurin,” who has had a back-and-forth with Troia for some time.
The FBI released a statement, saying that “The FBI and CISA [the Cybersecurity and Infrastructure Security Agency] are aware of the incident this morning involving fake emails from an @ic.fbi.gov email account. This is an ongoing situation and we are not able to provide any additional information at this time. The impacted hardware was taken offline quickly upon discovery of the issue. We continue to encourage the public to be cautious of unknown senders and urge you to report suspicious activity to www.ic3.gov or www.cisa.gov.”