The FBI has issued a critical alert regarding a sophisticated cyber campaign in which malicious actors are impersonating senior US officials using AI-generated voice and text messages. According to the alert, the campaign has been active since April 2025 and primarily targets current and former federal and state government officials, as well as their contacts.
Attackers use smishing (SMS phishing) and vishing (voice phishing) techniques, now augmented with AI-generated content, to deceive victims. By sending messages that appear to originate from trusted officials, they aim to establish rapport and then direct targets to malicious platforms designed to harvest login credentials and personal information.[1]
Once access is gained, attackers can exploit compromised accounts to infiltrate networks further, gather sensitive data, or impersonate contacts to solicit information or funds. The use of AI-generated voices and messages increases the plausibility of these scams, making them more challenging to detect.
"These AI-driven impersonations are going to be used in an attempt to 'gum up the works' wherever and whenever possible," said Col. Cedric Leighton, CNN Military Analyst; U.S. Air Force (Ret.); Chairman, Cedric Leighton Associates, LLC. "These attacks started surfacing last year in ever-increasing numbers. They made their debut overseas and then seemed to migrate to the US."
"One of the most interesting AI-driven impersonation attacks involved Italian Defense Minister Guido Crosetto. A staunch supporter of Ukraine, Crosetto has often been the subject of vicious attacks from senior Russian politicians, including former Russian President Dmitri Medvedev," Col. Leighton added.
"But in February 2025 things took an interesting turn, when several senior Italian business executives from well-known firms like tire manufacturer Pirelli, fashion houses Prada and Giorgio Armani, as well as the Italian billionaire Massimo Moratti, who used to own the Inter Milan soccer club, were all contacted via phone by someone claiming to be Crosetto. Each executive was asked to provide ransom money that would be used to secure the release of Italians who were imprisoned or kidnapped in Iran and Syria. Italian media reported that at least Moratti transferred money in response to this fake request. When Defense Minister Crosetto found out about this vishing attack, he informed Italian law enforcement and posted about the incident on social media."
To mitigate the risks associated with this campaign, practitioners should:
- Verify communications: Independently confirm the identity of individuals contacting you via new or unexpected channels before responding or acting.
- Scrutinize messages: Examine the content of messages for inconsistencies, unusual language, or requests that deviate from standard protocols.
- Educate staff: Conduct training sessions to raise awareness about smishing, vishing, and AI-generated impersonation tactics.
- Implement multi-factor authentication (MFA): Ensure that MFA is enabled across all accounts to add a layer of security.
- Report suspicious activity: Encourage the reporting of any suspicious communications to the appropriate security teams and the FBI's Internet Crime Complaint Center (IC3).
The FBI's IC3 released its 2024 Internet Crime Report earlier this month, announcing a record-breaking year in cybercrime. The report highlights a staggering $16.6 billion in reported losses, a 33% increase from 2023, underscoring the escalating threat landscape faced by individuals and organizations alike.
"Basic protections like MFA and annual awareness training are no longer enough to prevent this surge in AI-driven impersonation attacks. The threat surface is evolving faster than ever, and AI is fundamentally reshaping how risk is created, exploited, and managed," said David DellaPelle, CEO & Co-Founder of Dune Security. "These new social engineering tactics don't rely on mass emails. They're polished, personalized, and often indistinguishable from legitimate messages. Traditional Security Awareness Training is unable to keep up with these AI supercharged deception techniques, and as a result, organizations are more vulnerable than ever."
Some additional thoughts from Col. Leighton:
- "While the FBI is focusing on the use of AI to impersonate high-level U.S. officials, senior business leaders are not immune. In another case involving Italian targets, a senior executive of exotic car maker Ferrari received a WhatsApp call last summer purporting to be from his CEO, Benedetto Vigna. The person claiming to be Vigna told the Ferrari executive that he needed a substantial sum of money to be transferred because of a pending 'hot deal' in China. Because the caller was using a phone number not associated with Vigna and there were other aspects of the call that didn't seem quite right, the Ferrari executive asked the caller what book he had recommended to him the week before. When the caller claiming to be Vigna couldn't answer that question, he hung up, and Ferrari escaped becoming a victim of the scam."
- "AI-driven attacks impersonating senior US officials are taking center stage in the wake of the so-called 'Signal-gate' scandal, in which high-level Trump Administration officials shared classified information via the encrypted, but unclassified Signal app. If a sophisticated foreign signals intelligence service was able to intercept any calls or texts within chat groups used by these officials, they could exploit the data they gathered not just for the raw intelligence information they contained, but also for the syntax and linguistic style used by the members of these chat groups. That would make any smishing or vishing attacks against any subordinate officials even more convincing and that would increase the likelihood that such attacks would ultimately compromise information of intelligence value and, potentially, alter military attack plans or negotiating strategies."
- "Attacks of this nature are nothing short of a 'clear and present danger' to our military and intelligence operations, as well as to the conduct of our foreign policy. They are also a 'clear and present danger' for business executives at all levels. Authentication of the identities of the people we communicate with has now become an absolute imperative."
This article is shared at no charge for educational and informational purposes only.
Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization. We provide indicators of compromise information via a notification service (RedXray) or an analysis service (CTAC). For questions, comments, or assistance, please get in touch with the office directly at 1-844-492-7225 or feedback@redskyalliance.com
- Reporting: https://www.redskyalliance.org/
- Website: https://www.redskyalliance.com/
- LinkedIn: https://www.linkedin.com/company/64265941
- REDSHORTS - Weekly Cyber Intelligence Briefings: https://register.gotowebinar.com/register/5207428251321676122
[1] https://www.secureworld.io/industry-news/fbi-warning-ai-attacks-us-officials