September 18, 2016
A massive email-based attack occurred over the weekend of August 13 and 14, which resulted in the flooding of 100+ email inboxes for various government accounts, and other smaller targets.
The attacks, called “email bombs,” took place because careless website owners and mailing list managers had not secured their web forms against automated bots.
An unknown group had compiled a list of unsecured web forms and mailing lists and subscribed official government email addresses to these lists.
Mailing lists and WordPress sites abused in the attack
Attackers used bots to take a target’s email address and enter it into a contact form, account registration form, or mailing list that generated an automated response in the form of confirmation or notification email.
On Monday morning, government officials or other affected parties who opened their email clients found hundreds or thousands of email subscription confirmations in their inboxes.
Because these emails came from previously legitimate sources, not all were marked as spam in the beginning. Nevertheless, as the attack surged over the weekend, Spamhaus, an organization that manages a blacklist of IP addresses banned for spamming, took notice of the incident.