An American diplomatic cable stated that an individual posing as Secretary of State Marco Rubio reached out to three foreign ministers, a US governor, and a congressman “with the goal of gaining access to information or accounts,” using artificial intelligence to do so.
According to the cable, State officials and accounts are being impersonated in cyber threats, and ambassadors throughout the globe should be aware of this and caution their foreign partners about it. The State Department is currently monitoring “two distinct campaigns” wherein “threat actors impersonate Department personnel via email and commercial messaging apps to target individuals’ personal accounts,” according to the cable, dated last Thursday. One of these campaigns involves the impersonation of the top US diplomat.
The anonymous actor, who was supposedly trying to “impersonate Secretary of State Rubio,” registered an account on the messaging service Signal in the middle of June with the username “marco.rubio@state.gov,” as stated in the cable.
Initially published by the Washington Post, the cable stated, “The actor left voicemails on Signal for at least two targeted individuals, and in one instance, sent a text message inviting the individual to communicate on Signal.”
Reports indicate that the perpetrator responsible for the attack probably intended to acquire access to accounts or information by manipulating specific individuals with AI-generated text and voice communications.
According to the cable, the attempt was similar to previously uncovered attempts to mimic high-ranking US officials. The FBI was looking into that. In May, HEADLINESFOREVER revealed that authorities were looking into attempts to mimic Susie Wiles, chief of staff to President Donald Trump.
The cable pointed external partners to the FBI’s Internet Crime Complaint Center as the place to report Rubio impersonations. Diplomatic Security should be notified of any impersonation attempts, according to an internal directive from the State Department.
The State Department “is aware of this incident and is currently investigating the matter,” according to a spokeswoman from the department.
According to the spokesman, “the department takes seriously its responsibility to safeguard its information and continuously takes steps to improve the department’s cybersecurity posture to prevent future incidents.” This statement was made on Tuesday. “We are unable to provide additional details at this time due to security concerns and our ongoing investigation.”
No reaction was given by the FBI.
The second effort took place in April and was carried out by a “Russia-linked cyber actor” who “conducted a spear phishing campaign targeting personal Gmail accounts associated with think tank scholars, Eastern Europe-based activists and dissidents, journalists, and former officials,” as stated in the cable.
In order to gain persistent access to the individuals’ Gmail contents, the cyber actor “posed as a fictitious Department official, inviting targeted users to a meeting and attempting to convince them to link a third-party application to their Gmail accounts.”
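The technique described above is consent phishing: the victim authorizes an attacker-controlled application, and the resulting OAuth grant survives password changes. The following triage logic, added here as an example and not code from the cable or the researchers, flags such grants in an application-authorization log. The log records, the field names and the approved client ID are constructed assumptions, not a real Google Workspace export.

```python
"""Flag third-party app authorizations that grant lasting mailbox access.

Assumptions for this example: each record has the fields user, app_name,
client_id, scopes and granted_at (constructed; not a real audit-log format).
"""
from dataclasses import dataclass

# Gmail scopes that let an app read or alter mailbox contents after the
# victim has consented, i.e. the persistent access the cable describes.
HIGH_RISK_SCOPES = {
    "https://mail.google.com/",
    "https://www.googleapis.com/auth/gmail.readonly",
    "https://www.googleapis.com/auth/gmail.modify",
}

# Hypothetical allow-list of client IDs the organisation has vetted.
APPROVED_CLIENT_IDS = {"000000000000-vetted-calendar.apps.googleusercontent.com"}


@dataclass
class Grant:
    user: str
    app_name: str
    client_id: str
    scopes: list
    granted_at: str


def classify(grant: Grant):
    """Return (verdict, reasons): 'revoke' for an unvetted app holding a
    mailbox scope, 'review' for an unvetted app without one, else 'ok'."""
    if grant.client_id in APPROVED_CLIENT_IDS:
        return "ok", []
    reasons = ["client_id not on approved list"]
    risky = sorted(s for s in grant.scopes if s in HIGH_RISK_SCOPES)
    if risky:
        reasons.append("mailbox scope(s): " + ", ".join(risky))
        return "revoke", reasons
    return "review", reasons


# Constructed sample: one vetted app, one lookalike "meeting" app asking for
# full mailbox access, one unvetted app with a harmless scope.
SAMPLE_GRANTS = [
    Grant("analyst@example.org", "Team Calendar",
          "000000000000-vetted-calendar.apps.googleusercontent.com",
          ["https://www.googleapis.com/auth/calendar.readonly"], "2025-04-02T09:10:00Z"),
    Grant("analyst@example.org", "Dept Meeting Scheduler",
          "111111111111-meeting.apps.googleusercontent.com",
          ["https://mail.google.com/", "openid"], "2025-04-03T14:22:00Z"),
    Grant("fellow@example.org", "Doc Viewer",
          "222222222222-viewer.apps.googleusercontent.com",
          ["https://www.googleapis.com/auth/drive.readonly"], "2025-04-04T08:00:00Z"),
]


def triage(grants):
    """Map 'user|app_name' to its verdict, skipping grants that are 'ok'."""
    return {f"{g.user}|{g.app_name}": classify(g)[0]
            for g in grants if classify(g)[0] != "ok"}
```

Revocation of a flagged grant has to happen on the provider side; this script only produces the worklist.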
A comprehensive understanding of the Department’s naming practices and internal documents was shown by the actor, who ran a well-planned campaign, according to the cable.
Last month, researchers from Google and the Citizen Lab at the University of Toronto found evidence of similar hacking behavior, including an attempt to get into the online lives of well-known Russian critics and academics while pretending to be US officials.
Citizen Lab, a research organization at the University of Toronto that studies hacking attempts directed at civil society, discovered that one of the targets was Keir Giles, an outspoken specialist on Russian influence operations.
According to the Citizen Lab, the hackers who targeted Giles appeared to have utilized four phony email accounts with the “state.gov” domain to make their contact seem more official.
The researchers concluded that the attacker is likely aware that the State Department’s email server is set up to accept all messages and does not respond with a “bounce” even if the address is invalid.
Security researcher Gabby Roncone of Google Threat Intelligence Group, who has studied the behavior, claimed that the hackers linked to Russia engage in “extensive and patient rapport-building efforts” with their targets. The US government has claimed that Russia’s SVR intelligence agency is behind the hacking organization known as APT29, and Google believes that this group has links to the hackers.
This is different from the diplomatic phishing operations that APT29 has done before. According to Roncone, who spoke with HEADLINESFOREVER, APT29’s targeting in these earlier phishing operations was broader and frequently impersonal, even when the group imitated respectable companies.