
Fake Emails Sent via FBI/DHS Portal

(DHS) messaging system known as the Law Enforcement Enterprise Portal (LEEP) was exploited over the weekend to send fake cyberattack emails. The FBI describes LEEP as “a gateway providing law enforcement agencies, intelligence groups, and criminal justice entities access to beneficial resources.” The emails were fake warnings containing nonsensical technical claims that falsely implicated cybersecurity researcher Vinny Troia as a member of the criminal group “The Dark Overlord.” Although the spam email sent through the LEEP portal originated from an FBI mail server, this does not indicate that the FBI’s internal email systems were compromised. In a statement, the FBI noted: “Once we learned of the incident, we quickly remediated the software vulnerability, warned partners to disregard the fake emails, and confirmed the integrity of our networks.”

Analyst Notes

This was likely a vengeful prank in retaliation for Troia’s publication of research on “The Dark Overlord” earlier this year. However, it illustrates a larger issue in the modern threat environment.

Threat groups often hijack legitimate email servers during business email compromise (BEC) attacks and may also insert themselves into ongoing email threads, abusing existing trust relationships to bypass spam and phishing filters. Any out-of-the-ordinary information received through such channels should be scrutinized and independently verified before it is acted on. In addition, organizations should apply appropriate security controls and vulnerability management processes to any external-facing portal that could be exploited in this way.

FBI Says Its System Was Exploited to Email Fake Cyberattack Alert