Cadet Blizzard Hackers Linked to GRU, U.S. Offers $10 Million for Information
Published on September 9, 2024
A yet unidentified actor hacked a Federal Bureau of Investigation (FBI) server to send some 100,000 spam emails that contained information regarding an alleged breach in the systems. The rambling way it was written and the many tech nonsense details given make this seem like some sort of prank or revenge.
On November 13, the FBI announced they were aware of a threat actor taking over one of their servers to impersonate the Bureau and send misleading spam emails from a "@ic.fbi.gov" email account and said the affected hardware was taken offline immediately.
The first reports came from Spamhaus, a European-based nonprofit firm focusing on tracking spam, which noted that the recipients seem to be email addresses scraped from the American Registry for Internet Numbers (ARIN) database. A sample of the sent email was published and can be seen below.
What's interesting to note is that the random text reads, "We identified the threat actor to be Vinny Troia, who is believed to be affiliated with the extortion gang TheDarkOverlord." For the record, Vinny Troia is the Night Lion Security CEO. The gang and the researchers have a history, as in May 2021, Troia was able to link ShinyHunters with TheDarkOverlord, creating a detailed infographic. The hackers actively targeted Data Viper as revenge against the researcher’s efforts to identify and expose them, and they were eventually linked with the MGM Resorts hack, which mobilized the law enforcement authorities and allegedly forced the group to change its name.
On November 14, the FBI made another public statement, clarifying that the server was a Law Enforcement Enterprise Portal (LEEP) one used to push notifications and not part of the FBI’s corporate email service and that no data or PII were compromised.