Security News > 2020 > October > FBI shares technical details on Iran's fake Proud Boys emails
The Federal Bureau of Investigation shared indicators of compromise associated with the Iranian state-sponsored threat group behind last week's Proud Boys voter intimidation emails that targeted Democratic voters.
The threatening spoofed emails used the "Vote for Trump or Else" subject and warned voters registered as Democrats that they must vote for President Trump and change their party to Republican unless they want the Proud Boys far-right group to come after them.
Many of the IP addresses used in the fake Proud Boys email campaign are from the NordVPN service according to an FBI TLP:WHITE flash alert issued yesterday.
Some of the emails also included voters' full names and mailing addresses or a video showing Proud Boys hackers breaching voter registration databases.
Some of these VPN IPs linked to the Iranian APT actors are from NordVPN's server list and may also correspond to other VPN providers such as CDN77, HQSERV, and M247. The full list of IP addresses associated with the fake Proud Boys intimidation email campaign is included at the end of the FBI flash alert.