In a troubling escalation of deepfake technology misuse, an individual impersonating US Secretary of State Marco Rubio used AI-generated voice messages and a fake Signal account to contact foreign leaders and a sitting member of Congress, according to a State Department cable dated 3 July, seen by Bloomberg News.
The cable details how the impersonator contacted at least five individuals, including three foreign ministers, a US governor, and a US member of Congress, using a forged Signal profile created in mid-June.
“The actor likely aimed to manipulate targeted individuals using AI-generated text and voice messages, with the goal of gaining access to information or accounts,” the State Department cable noted.
This campaign is part of a wider pattern of impersonation efforts dating back to April, which involved threat actors posing as senior US officials. In May, The Wall Street Journal reported that authorities were investigating a separate case where someone posed as White House Chief of Staff Susie Wiles, contacting senators, governors, and senior business executives.
According to an FBI memo dated 15 May, the impersonators used AI-generated voice and text messages to “establish rapport before gaining access to personal accounts.”
While the US State Department has not yet issued a formal comment, the impersonation attempt involving Rubio was first reported by The Washington Post.
Why Signal?
Experts believe that Signal, a secure messaging app, is being exploited due to its popularity among high-level officials. In March, controversy erupted after The Atlantic revealed that its editor-in-chief had been added to a Signal group chat where US officials discussed classified military plans to strike Houthi rebels in Yemen.
That compromised chat reportedly included high-ranking figures such as Marco Rubio, Susie Wiles, Defence Secretary Pete Hegseth, Vice President JD Vance, and former National Security Adviser Mike Waltz, raising concerns over internal communication security.
Ongoing Threats Linked to Russian Actors
The 3 July cable also flagged a separate ongoing campaign, believed to be orchestrated by a Russia-linked actor, targeting Gmail accounts of journalists, activists, and dissidents across Europe.
“The actor demonstrated extensive knowledge of the Department’s naming conventions and internal documentation,” the cable said.
Previous impersonation attempts were also cited, including a June 2022 case where someone created a WhatsApp account in the name of then-Secretary of State Antony Blinken, which was used to message South American leaders. A 2023 campaign involved what officials believe was a “likely Russian state-sponsored cyber threat actor” that posed as the State Department to target non-proliferation organisations.