
AI Deepfake Poses as U.S. Secretary of State in Brazen Espionage Campaign

In a chilling reminder of how AI is reshaping the espionage playbook, a threat actor recently used artificial intelligence to impersonate U.S. Secretary of State Marco Rubio—contacting high-level foreign ministers, a U.S. governor, and even a member of Congress in what appears to be a bold attempt to infiltrate sensitive accounts and information channels.


According to a classified diplomatic cable first reported by The Washington Post, the impersonator set up a Signal account in June using the name “marco.rubio@state.gov” and began reaching out to targets with AI-generated voicemails and messages. The U.S. State Department has confirmed the operation and warned diplomats worldwide that threat actors are now routinely using commercial messaging apps and email to spoof top officials.


“The actor likely aimed to manipulate targeted individuals using AI-generated text and voice messages,” the cable said, emphasizing the campaign’s blend of social engineering, AI deception, and technical precision.


The digital masquerade is one of two active campaigns tracked by the State Department. The second campaign—attributed to a “Russia-linked cyber actor”—dates back to April and involves spear phishing attacks targeting Gmail accounts belonging to think tank researchers, journalists, and dissidents in Eastern Europe. Posing as fictitious U.S. diplomats, the attackers sought to trick users into linking third-party applications to their Google accounts, a move that would give hackers persistent access to private data.


“This latest AI deepfake scheme is another reminder of how advanced deepfake technology has become,” said Steve Cobb, CISO at SecurityScorecard. “These campaigns typically employ a multi-pronged approach, starting with phishing attacks sent from seemingly legitimate email accounts and escalating to AI-generated deepfake voicemails.”


According to researchers at Google and the University of Toronto’s Citizen Lab, the hackers—suspected to be affiliated with APT29, an elite group linked to Russia’s SVR intelligence agency—demonstrated remarkable familiarity with internal U.S. government processes, even mimicking real State Department email structures to build credibility.


“We believe that the attacker is aware that the State Department’s email server is apparently configured to accept all messages and does not emit a ‘bounce’ response even when the address does not exist,” Citizen Lab wrote in a technical analysis.


“This is a departure from APT29’s previous diplomatic phishing operations,” said Gabby Roncone, a researcher at Google’s Threat Intelligence Group. “Although APT29 would impersonate legitimate entities in these older phishing operations, their targeting was much wider in scope and often impersonal.”


By contrast, this new campaign is calculated, personal, and quietly insidious—blurring the lines between official communication and sophisticated cyber deception.


“These operations are suspected to be linked to Russian actors,” Cobb added. “A finding that’s not entirely surprising, as Eastern Europe continues to be a hub for malicious cyber activity.”


The State Department has urged personnel to report suspicious contact attempts to its diplomatic security unit, while external partners are advised to file complaints with the FBI’s Internet Crime Complaint Center.


Cobb emphasized that vigilance is the best defense. “To verify the authenticity of someone reaching out to engage or meet with you, look for some form of secondary authentication. Call a known number, message through a verified social account, or contact someone who knows them personally. We need to evolve toward a default mindset of healthy skepticism in these interactions and adopt a ‘trust but verify’ approach as our standard practice.”


With AI now capable of mimicking not just written words but the voices of world leaders, the digital age of deception is entering dangerous new territory—one where seeing, or hearing, is no longer believing.
