Hackers can use their abilities to do good, to do bad and sometimes just to show what they can do. The last option was the case for this scenario.
A well-known hacker named “pompompurin” wanted to point out a vulnerability in the FBI system and managed to compromise their domain name and internet address as you can see in the “sent from” section in the email that was sent (firstname.lastname@example.org).
This email campaign was sent in a mass distribution to at least 100 thousand different email addresses and to companies which already began to be alarmed about their passwords and data being attacked.
In the email body the sender blames “Vinnie Troia” for the allegedly “sophisticated chain attack” that occurred, but is this true? Apparently not.
As it turns out, there is a massive feud between Vinnie Troia (massive player in the cyber-security world and the owner of two dark-web intelligence companies). And also between RaidForums hackers, which pompompurin is part of.
The purpose of this campaign was to show the vulnerability of the FBI code and system and smear Vinnie Troia's name along the way.
The FBI admitted that the address and domain the spam email was sent from is genuine and belongs to them.
The spam email that was sent:
How did we detect it?
On the same day of this spam campaign the email was received by an IRONSCALES user. IRONSCALES automatically inserted a spam banner in the email that made the user look at this email with caution.
After the user reported this incident, they made the whole IRONSCALES community safe from this and similar email incidents.
The IRONSCALES community is a powerful tool that makes all IRONSCALES users protected from malicious and spam massages.
Moreover, Themis, the IRONSCALES AI analyst resolved this email incident as spam.