Messages that appeared to come from the FBI early Saturday morning did originate from Bureau servers, specifically from the Law Enforcement Enterprise Portal (LEEP), a platform used to communicate with the FBI's partners in state and local law enforcement, but they were sent by hackers, not by the FBI. The Bureau issued a terse, preliminary statement that attributed the incident to a software misconfiguration that temporarily allowed an outsider to access LEEP. Twitter threads (from Spamhaus and Kevin Beaumont) provided an interesting early account as the emails appeared. The bogus warning told recipients that the FBI had detected data exfiltration and urged heightened vigilance. It also identified security researcher Vinny Troia as the threat actor responsible. Troia was of course not involved at all, and BleepingComputer points out that Troia has long been the object of taunts and defamation from some members of RaidForums.
The Twitter account of the Philippines Office of Civil Defense was briefly hijacked early Sunday and used to churn out "unusual messages" having nothing to do with civil defense or disaster preparation, the Manila Inquirer reports. The tweets mostly involved celebrity-themed Bitcoin speculation.
Check Point this morning released an update on the Iranian threat group MosesStaff. Hacktivist or government-directed, MosesStaff operates like a ransomware gang, but its motive appears to be purely political: it seeks to damage Israeli companies by stealing data, encrypting victims' files, and then releasing the data online. MosesStaff issues no ransom demands, and says it's interested only in exposing "Zionist crimes."