CNN
—
Someone using artificial intelligence to impersonate Secretary of State Marco Rubio contacted at least five people, including three foreign ministers, a US governor, and a member of Congress, “with the goal of gaining access to information or accounts,” a US diplomatic cable said.
The cable advises diplomats worldwide that they “may wish to warn external partners that cyber threat actors are impersonating State officials and accounts.” The impersonation of the top US diplomat is one of “two distinct campaigns” being tracked at the State Department “in which threat actors impersonate Department personnel via email and commercial messaging apps to target individuals’ personal accounts,” the cable, dated last Thursday, advised.
According to the cable, the unknown actor posing as Rubio created an account in mid-June on the messaging platform Signal, using the display name “marco.rubio@state.gov,” as part of “an effort to impersonate Secretary of State Rubio.”
“The actor left voicemails on Signal for at least two targeted individuals, and in one instance, sent a text message inviting the individual to communicate on Signal,” said the cable, which was first reported by the Washington Post.
“The actor likely aimed to manipulate targeted individuals using AI-generated text and voice messages, with the goal of gaining access to information or accounts,” it said.
The effort resembled investigated past activity to impersonate senior US officials, the cable said. That activity was under FBI investigation. CNN reported in May that a law enforcement investigation into efforts to impersonate President Donald Trump’s chief of staff, Susie Wiles, was underway.
External partners can report Rubio impersonations to the FBI’s Internet Crime Complaint Center, the cable said. Internally, State Department personnel were advised to report impersonation attempts to diplomatic security.
CNN has reached out to the State Department and FBI for comment.
The second campaign, according to the cable, began in April and involves a “Russia-linked cyber actor” who “conducted a spear phishing campaign targeting personal Gmail accounts associated with think tank scholars, Eastern Europe-based activists and dissidents, journalists, and former officials.”
The cyber actor “posed as a fictitious Department official, inviting targeted users to a meeting and attempting to convince them to link a third-party application to their Gmail accounts” that “would almost certainly grant the actor persistent access to the contents of the users’ Gmail.”
The campaign was highly detailed and the actor “demonstrated extensive knowledge of the Department’s naming conventions and internal documentation,” the cable said.
