A cyber threat actor exploited a flaw in the Federal Bureau of Investigation’s (FBI) Law Enforcement Enterprise Portal (LEEP) software and subsequently sent out fraudulent email messages this past weekend. The emails came from the “@ic.fbi.gov” domain and referred to a supply chain attack perpetrated by the cyber threat actor “TheDarkOverlord,” claiming that recipients’ systems may be compromised. The FBI completed remediation efforts and addressed the compromise in a press release.
The NJCCIC recommends that users who received the fraudulent communications ignore and delete the messages. We also advise ensuring that software and hardware are properly configured and kept up to date with the latest patches. If you receive suspicious communications, even from known or trusted accounts, confirm their legitimacy by contacting the sender via a separate means of communication before taking action. More information on the incident can be found in the KrebsOnSecurity article.