An individual using an AI-generated voice impersonated Secretary of State Marco Rubio to contact three foreign ministers and two U.S. politicians, according to a new report.

In the deepfake campaign, which occurred in mid-June, the imposter contacted officials through the encrypted messaging app Signal while using the display name “Marco.Rubio@state.gov,” The Washington Post reported.  

“The actor likely aimed to manipulate targeted individuals using AI-generated text and voice messages, with the goal of gaining access to information or accounts,” a State Department cable read. 

The impostor “contacted at least five non-Department individuals, including three foreign ministers, a U.S. governor, and a U.S. member of Congress,” said the cable, dated July 3. “The actor left voicemails on Signal for at least two targeted individuals and in one instance, sent a text message inviting the individual to communicate on Signal.”

The cable, which was distributed to all diplomatic and consular posts, cited a need for vigilance against impersonation efforts. It urged officials to warn external partners about fake accounts potentially being part of an information or cybersecurity threat. 

“There is no direct cyber threat to the department from this campaign, but information shared with a third party could be exposed if targeted individuals are compromised,” the cable said.

The advisory also referred to a separate incident in April attributed to a Russia-linked hacker. That individual conducted a phishing campaign that targeted think tanks, Eastern European activists and dissidents, as well as former State Department officials. 

According to the cable, the hacker used a fake “@state.gov” email address with official logos and branding to present emails as credible communications from the State Department’s Bureau of Diplomatic Technology. “The actor demonstrated extensive knowledge of the department’s naming conventions and internal documentation,” the memo said. 

The Russia-linked campaign specifically involved messages sent to private Gmail accounts, with content designed to impersonate a State Department official. External partners later said the phishing attempt likely originated from a cyber actor believed to be associated with the Russian Foreign Intelligence Service.