Associated Incidents
Russian threat actors are suspected of creating several AI deepfakes of US Secretary of State Marco Rubio and then using the AI-generated content to contact at least five foreign ministers and US officials, the State Department warned on Tuesday.
Secretary Rubio is the latest high-profile government official to get caught up in an AI deepfake impersonation scam, as first reported by the Washington Post on Tuesday.
Apparently, an unknown bad actor had used several AI-generated deepfakes of Rubio to contact at least three foreign ministers, a US Governor, and a member of Congress sometime in mid-June, the Post said.
"The actor demonstrated extensive knowledge of the department's naming conventions and internal documentation." -
- US State Department
The names of the officials have not been revealed, but an official cable from the State Department to all diplomatic offices said the imposter contacted some of the officials using the Signal messaging app.
Signal is the same app that Trump's cabinet was lambasted for using to discuss attack plans on Houthi rebels in March, accidentally adding a prominent journalist to the private group chat.
The new information follows an FBI advisory issued in May that warned of cybercriminals using AI-generated voice and text messages to impersonate US senior officials -- known as vishing and smishing -- to target other former US government officials.
Two of the officials were left fake Rubio voicemail messages, and another was texted a direct invite to communicate with the imposter on Signal, the report said.
"The actor likely aimed to manipulate targeted individuals using AI-generated text and voice messages with the goal of gaining access to information or accounts," the July 3rd cable said.
The fraudulent texts and voice messages were also said to have mimicked Rubio's voice and writing style.
Steve Cobb, CISO at SecurityScorecard, says this latest AI deepfake scheme is another reminder of how advanced deepfake technology has become.
"This is not the first time threat actors have impersonated state officials, and it likely won't be the last. These campaigns typically employ a multi-pronged approach, starting with phishing attacks sent from seemingly legitimate email accounts and escalating to AI-generated deepfake voicemails," Cobb said.
Furthermore, if bad actors gain access to the personal or government accounts of US officials, it can lead to further targeted attacks on other officials, as well as the victim's contacts or associates, simply by using the information found in previous correspondence, the FBI said.
In addition to the deepfakes of Rubio, his office reported that other State Department personnel had also been impersonated via email.
"No direct threat"
The State Department noted that the AI fakes posed no direct cyber threat to the agency, although it warned that any "information shared with a third party could be exposed if targeted individuals are compromised."
The cable further referenced another deepfake attack thought to have been carried out by a Russia-linked hacker in April who conducted a phishing campaign targeting think tanks, Eastern European activists and dissidents, and former State Department officials, according to Reuters, which saw the warning.
Cobb says that it's not entirely surprising "these operations are suspected to be linked to Russian actors, as Eastern Europe continues to be a hub for malicious cyber activity."
The suspected hacker had used a fake "@state.gov" email address and used the State's Bureau of Diplomatic Technology logos and branding on the phishing emails, the cable said, adding that "the actor demonstrated extensive knowledge of the department's naming conventions and internal documentation."
The State Department said it would "carry out a thorough investigation and continue to implement safeguards to prevent this from happening in the future."
Ironically, this is not the first time Rubio has been targeted by cybercriminals using an AI-generated deepfake.
Earlier this year, a video circulated of Rubio saying he wanted to cut Starlink internet service in Ukraine, the AP said. That video was eventually debunked by Ukrainian officials. US Chief of Staff Susie Wiles was also impersonated by an AI-voice cloning software in May.
"Stay Vigilant"
Cobb says to avoid falling victim to these schemes, staying vigilant is key.
"The first and most important step has already been taken: these campaigns have been reported to the FBI's Internet Crime Complaint Center (IC3), which will serve as the primary source of verified information on incidents like this moving forward," the CISO said.
Additionally, Cobb says to verify the authenticity of someone reaching out to engage or meet with you, people should look for some form of secondary authentication.
"This could include calling a known, trusted phone number, messaging the person through a verified social media account, or contacting someone who has a personal affiliation with the individual you're trying to verify," Cobb says.
"We need to evolve toward a default mindset of healthy skepticism in these interactions and adopt a "trust but verify" approach as our standard practice," he added.