A bad actor posing as U.S. State Secretary Marco Rubio has contacted multiple government officials, the Washington Post reported today.

The impostor used artificial intelligence to imitate the voice and writing style of Rubio (pictured).

The impersonation campaign began in June when the bad actor opened a Signal account with the display name “marco.rubio@state.gov.” Using the account, the Rubio impostor reportedly contacted at least five government officials. The individuals included a U.S. governor, a member of Congress and three foreign ministers.

Two of the targeted officials received AI-generated Signal voicemails intended to sound like Rubio. In another incident, the bad actor sent a text message that asked an official to join Signal. It’s believed that the campaign was meant to gain “access to information or accounts” of the targeted individuals. 

The State Department is asking diplomats to “warn external partners that cyber threat actors are impersonating State officials and accounts.” According to a cable cited by the Post, external partners are advised to report impersonation attempts to the FBI’s Internet Crime Complaint Center. State Department staffers, meanwhile, will report suspicious correspondence to diplomatic security officials. 

“The department takes seriously its responsibility to safeguard its information and continuously takes steps to improve the department’s cybersecurity posture to prevent future incidents,” the State Department said in a statement. “For security reasons, and due to our ongoing investigation, we are not in a position to offer further details at this time.”

CNN reported today that the State Department is also tracking a second impersonation campaign. In April, a bad actor posing as a “fictitious Department official” started targeting government employees with phishing emails. The goal was to trick them into linking their Gmail accounts to an application that “would almost certainly grant the actor persistent access.”

The phishing campaign reportedly involved a Russia-linked threat actor. The actor “demonstrated extensive knowledge of the Department’s naming conventions and internal documentation,” according to a cable cited by CNN.

In May, the FBI warned that hackers were impersonating U.S. officials to target former federal and state government staffers. The same month, the Wall Street Journal reported that a bad actor had hacked the phone of White House chief of staff Susie Wiles. The hacker used the device to contact politicians and business executives while pretending to be Wiles.

“These campaigns typically employ a multi-pronged approach, starting with phishing attacks sent from seemingly legitimate email accounts and escalating to AI-generated deepfake voicemails,” said Steve Cobb, chief information security officer of cybersecurity startup SecurityScorecard Inc. “This is not the first time threat actors have impersonated state officials, and it likely won’t be the last.”

Photo: State Department