The Federal Bureau of Investigation (FBI) email servers were hacked to distribute spam email impersonating FBI warnings that the recipients' network was breached and data was stolen.

The emails pretended to warn about a “sophisticated chain attack” from an advanced threat actor known[sic], who they identify as Vinny Troia. Troia is the head of security research of the dark web intelligence companies NightLion and Shadowbyte

The spam-tracking nonprofit SpamHaus noticed that tens of thousands of these messages were delivered in two waves early this morning. They believe this is just a small part of the campaign.

[...] Researchers at the Spamhaus Project, an international nonprofit that tracks spam and associated cyber threats (phishing, botnets, malware), observed two waves of this campaign, one at 5 AM (UTC) and a second one two hours later.

The messages came from a legitimate email address - eims@ic.fbi.gov - which is from FBI’s Law Enforcement Enterprise Portal (LEEP), and carried the subject “Urgent: Threat actor in systems.”

All emails came from FBI’s IP address 153.31.119.142 (mx-east-ic.fbi.gov), Spamhaus told us.

The message warns that a threat actors[sic] has been detected in the recipients' network and has stolen data from devices.