The US State Department has reported a large-scale AI-based deepfake attack in which cybercriminals created fake videos and voicemails “featuring” Secretary of State Marco Rubio. The impersonation was used to contact at least five high-ranking officials, including foreign ministers and the governor.
The attackers used deepfake images to mimic Rubio’s appearance, language, and style to contact victims via the Signal messenger, known for its encrypted communication. Some victims were lured in with SMS messages inviting them to chat or left voicemails that mimicked the Secretary of State’s tone, language, and mannerisms.
The attackers had a deep understanding of the State Department’s internal documentation and structural patterns, suggesting a professionally organized operation, likely of Russian origin. While the State Department says there was no immediate threat to cyber infrastructure, it stresses that any information shared with third parties could have been compromised if the recipient was misled.
This is not the first AI-based attack on Marco Rubio. Earlier this year, a video surfaced online purporting to show Rubio calling for the termination of Starlink in Ukraine, which Ukrainian officials later denied. The attack also fits into a broader context of a new wave of AI-related crimes, including voice phishing and SMS phishing, where AI voice and text clones are used to manipulate political influence.
In the context of cyberwar, trust can no longer be automatic — “trust but verify” is becoming the new security standard.
