Criminal Impersonates U.S. Secretary of State, Reaches Contacts
The criminal contacted about five people, including foreign nationals.
Someone using artificial intelligence to impersonate Secretary of State Marco Rubio contacted at least five people, including three foreign ministers, a US governor, and a member of Congress, “with the goal of gaining access to information or accounts,” a US diplomatic cable said.
Security Breaches
The cable advises diplomats worldwide that they “may wish to warn external partners that cyber threat actors are impersonating State officials and accounts.” The impersonation of the top US diplomat is one of “two distinct campaigns” being tracked at the State Department “in which threat actors impersonate Department personnel via email and commercial messaging apps to target individuals’ personal accounts.”
According to the cable, the unknown actor posing as Rubio created an account in mid-June on the messaging platform Signal, using the display name “marco.rubio@state.gov,” as part of “an effort to impersonate Secretary of State Rubio.”
The actor left voicemails on Signal for at least two targeted individuals, and in one instance, sent a text message inviting the individual to communicate on Signal.”
“The actor likely aimed to manipulate targeted individuals using AI-generated text and voice messages, with the goal of gaining access to information or accounts,” it said.
A State Department spokesperson said the agency “is aware of this incident and is currently investigating the matter.”
“The department takes seriously its responsibility to safeguard its information and continuously takes steps to improve the department’s cybersecurity posture to prevent future incidents,” the spokesperson said Tuesday. “For security reasons, and due to our ongoing investigation, we are not in a position to offer further details at this time.”
The FBI declined to comment.
A Strategic Approach
The suspicion is that Russian hackers are behind these attempts to compromise the information of top U.S. government officials. They conduct “extensive and patient rapport-building efforts” with their targets, said Gabby Roncone, a security researcher with Google Threat Intelligence Group who has investigated the activity. Google suspects the hackers have ties to an elite group called APT29, which US officials say works at the behest of Russia’s SVR intelligence agency.
“This is a departure from APT29’s previous diplomatic phishing operations. Although APT29 would impersonate legitimate entities in these older phishing operations, their targeting was much wider in scope and often impersonal,” Roncone told CNN.
