{"id":60702,"date":"2026-05-21T00:00:00","date_gmt":"2026-05-21T00:00:00","guid":{"rendered":"urn:uuid:5066bdec-3759-edaa-598f-16d5ec76d7f5"},"modified":"2026-05-21T00:00:00","modified_gmt":"2026-05-21T00:00:00","slug":"one-man-one-ai-one-fake-persona-inside-the-5-year-influence-and-fraud-patriot-bait-campaign","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/one-man-one-ai-one-fake-persona-inside-the-5-year-influence-and-fraud-patriot-bait-campaign\/","title":{"rendered":"One Man, One AI, One Fake Persona: Inside the 5-Year Influence and Fraud \u2018Patriot Bait\u2019 Campaign"},"content":{"rendered":"

<\/p>\n

<\/div>\n

StellarMonSetup.exe<\/i> is in fact GoToResolve, a legitimate unattended remote-administration tool. Once installed, it gives the actor a persistent remote desktop session with file access, command execution, and clipboard capture. The technique is popular in ransomware intrusions (such as LockBit<\/a> and Akira<\/a>) and requires no malware authorship. The “import your wallet” function served a secondary purpose: subscribers who typed their seed phrase into the fake import screen handed over their wallet keys.<\/p>\n

At least one victim’s crypto-wallet was fully compromised: password cracked, 12-word mnemonic stolen, and the owner’s 40+ wallet addresses harvested across all major chains.<\/p>\n

<\/span><\/h3>\n

The actor’s arsenal includes an AI-powered brute-forcing tool targeting WordPress. The script is built on the premise that people mutate familiar base passwords in predictable ways, and Gemini 2.5 Flash can model the mutations when supplied with static wordlists.<\/p>\n

For each target username, the script sends the email address and surrounding context to Gemini for 20 plausible password variants: swapping upper- and lower-case, appending years, symbol substitutions, name fragments, and keyboard patterns.<\/p>\n

Collected data indicates 29 WordPress administrator accounts were cracked, across businesses including weapons retailers, legal offices, medical practices, and small commercial sites.<\/p>\n

The use of a commercial AI model as a password-mutation oracle represents an escalation over traditional wordlist attacks. With prior knowledge of the victim from purchased DaisyCloud infostealer logs, LinkedIn, or previous successful logins, plus customized mutation rules, the actor could easily ask the LLM to model the victim’s password patterns.<\/p>\n

Instead of an information operation designed to shift political opinion, as someone might expect, or for example, amplify Russian narratives, we believe that the campaign is more likely a financially motivated fraud that opportunistically uses IO techniques to build its audience.<\/p>\n

We have not found any pro-Russian narratives in the channel export. A keyword search for words like “Russia,” “Putin,” “Kremlin,” “Ukraine,” and related terms returns 1,317 messages (6.4%). However, no message advocated for Russian interests, and the actor didn’t instruct Gemini to generate pro-Russian content.<\/p>\n

The actor views the QAnon audience as easy fraud victims, not ideological allies. The evidence showed that the channel’s subscribers were called mammoths, Russian slang for an easily deceived victim. The actor also explicitly planned a cryptocurrency pump-and-dump scheme:<\/p>\n

“\u043a\u043e\u0433\u0434\u0430 \u0432 \u0431\u043e\u0442\u0435 \u043d\u0430\u0431\u0435\u0440\u0451\u0442\u0441\u044f 5\u043a \u0430\u043a\u0442\u0438\u0432\u043d\u044b\u0445 \u043b\u044e\u0434\u0435\u0439, \u0441\u043a\u043e\u043b\u044c\u043a\u043e \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u0441\u044f \u0437\u0430\u0440\u0430\u0431\u043e\u0442\u0430\u0442\u044c \u0437\u0430 \u043e\u0434\u0438\u043d \u0446\u0438\u043a\u043b \u043f\u0430\u043c\u043f \u0434\u0430\u043c\u043f”<\/i>
(When the bot accumulates 5,000 active users, how much can we earn from one pump-and-dump cycle?)<\/p>\n

The guardrail of a jailbroken Gemini is completely off and does not even react to the actor’s clear intention to exploit his victims, or to keywords like “pump-and-dump”.<\/p>\n

The actor also had a research conversation with Gemini on how professional crypto-fraud call centers operate against North American victims, such as how to exploit full personal data via phone vishing and how to lure victims into a crypto scam. Gemini responded with feasible methodologies, such as Medicare\/Health Canada fraud targeting the elderly.<\/p>\n

This operation demonstrates how frontier AI systems are enabling a new generation of scalable, low-cost cybercriminal operations that blend information operations, automation, and financial fraud.<\/p>\n

What previously required a team of writers, social media managers, IT workers, and malware programmers can now be automated by a single actor using a VPS, a Telegram bot, and API access to frontier models. The actor co-worked with AI to build a production-grade content creation pipeline, engagement analytics, and a gamified bot, all targeting a specific cultural and political community with precision. However, despite the scale of automation, observed financial outcomes appear limited. The operation also illustrates an emerging pattern of threat actors using AI coding agents to manage infrastructure, generate content, debug pipelines, and process stolen credentials, all through natural-language commands.<\/p>\n

The “American Patriot” case is a small operation, but the techniques it uses point to emerging trends. A jailbroken frontier model handled the writing, the infrastructure, and the password modeling for a solo actor whose only real costs were stolen API keys. The next operator to copy this blueprint may be better resourced, better targeted, or aimed at an audience less wary than MAGA crypto skeptics, and the guardrails that failed here will keep failing under jailbreaks and non-English prompting until frontier vendors close those gaps. As we documented in our prior Unmanaged AI Adoption<\/i><\/a> research, frontier models behave differently when queried in different languages and their guardrails are inconsistent across languages. Defenders should expect more of this, at lower skill thresholds, against any community whose trust can be weaponized.<\/p>\n

Scams like this follow a predictable formula: a trusted community voice, a time-limited bonus, and fake testimonials to override your skepticism. As a rule, legitimate platforms will never ask you to install software, enter a seed phrase, or “import your wallet” into a new app. If an offer sounds too generous to be real, it isn’t. See Keeping Assets Safe From Cryptocurrency Scams and Schemes<\/i><\/a> for practical steps to protect your crypto assets.<\/p>\n

Defending against operations like this requires controls on both sides of the abuse: tightening the AI supply chain that the actor depended on, and hardening the human targets he was able to reach. On the AI side, frontier vendors should treat cross-language guardrail parity and jailbreak-resistant memory files as table stakes, while enterprises should monitor for stolen API key reuse, anomalous CLI-driven infrastructure changes, and credential-stuffing patterns consistent with LLM-assisted password mutation.<\/p>\n

TrendAI Vision One\u2122<\/a> platform is the industry-leading AI cybersecurity platform that centralizes cyber risk exposure management, security operations, and robust layered protection. <\/p>\n

TrendAI Vision One\u2122 Threat Intelligence Hub<\/a> provides the latest insights on emerging threats and threat actors, exclusive strategic reports from TrendAI\u2122 Research, and TrendAI Vision One\u2122 Threat Intelligence Feed in the TrendAI Vision One\u2122 platform.  This research was first reported to Threat Intelligence Hub subscribers in February 2026.<\/p>\n

Emerging Threats:<\/b>  <\/u> One Man, One AI, One Fake Persona: Inside the 5-Year Influence and Fraud \u201cPatriot Bait\u201d Campaign<\/a><\/p>\n

<\/span><\/h2>\n

One Man, One AI, One Fake Persona: Inside the 5-Year Influence and Fraud \u201cPatriot Bait\u201d Campaign <\/a><\/p>\n

<\/span><\/h2>\n

TrendAI Vision One\u2122 customers can use the  XDR Data Explorer App to match or hunt the malicious indicators mentioned in this blog post with data in their environment.  <\/p>\n

GoToResolve Infrastructure & Network Connections<\/b><\/p>\n

(dst:”213.165.51.115″ OR dst:”34.34.57.141″ OR dst:”34.34.81.129″ OR dst:”35.192.41.201″) AND (eventId:”NETWORK_CONNECTION” OR eventSubId:3)<\/span><\/p>\n

More hunting queries are available for TrendAI Vision One\u2122 with Threat Intelligence Hub<\/a> entitlement enabled. <\/p>\n

The indicators of compromise for this entry can be found here<\/a><\/span>.<\/p>\n

Read More HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

A solo Russian-speaking threat actor ran a 5-year Telegram channel and, starting September 2025, used AI to automate its content, credential theft, and a cryptocurrency fraud scheme targeting American audiences. Read More HERE…<\/p>\n","protected":false},"author":2,"featured_media":60703,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[61],"tags":[9510,9521,9577,9509],"class_list":["post-60702","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-trendmicro","tag-trend-micro-research-articles-news-reports","tag-trend-micro-research-cyber-crime","tag-trend-micro-research-phishing","tag-trend-micro-research-research"],"yoast_head":"\nOne Man, One AI, One Fake Persona: Inside the 5-Year Influence and Fraud \u2018Patriot Bait\u2019 Campaign 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/one-man-one-ai-one-fake-persona-inside-the-5-year-influence-and-fraud-patriot-bait-campaign\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"One Man, One AI, One Fake Persona: Inside the 5-Year Influence and Fraud \u2018Patriot Bait\u2019 Campaign 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/one-man-one-ai-one-fake-persona-inside-the-5-year-influence-and-fraud-patriot-bait-campaign\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2026-05-21T00:00:00+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/trendmicro.scene7.com\/is\/image\/trendmicro\/patriot-bait-cover:Large?qlt=80\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/one-man-one-ai-one-fake-persona-inside-the-5-year-influence-and-fraud-patriot-bait-campaign\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/one-man-one-ai-one-fake-persona-inside-the-5-year-influence-and-fraud-patriot-bait-campaign\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"One Man, One AI, One Fake Persona: Inside the 5-Year Influence and Fraud \u2018Patriot Bait\u2019 Campaign\",\"datePublished\":\"2026-05-21T00:00:00+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/one-man-one-ai-one-fake-persona-inside-the-5-year-influence-and-fraud-patriot-bait-campaign\\\/\"},\"wordCount\":1086,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/one-man-one-ai-one-fake-persona-inside-the-5-year-influence-and-fraud-patriot-bait-campaign\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2026\\\/05\\\/one-man-one-ai-one-fake-persona-inside-the-5-year-influence-and-fraud-patriot-bait-campaign.png\",\"keywords\":[\"Trend Micro Research : Articles, News, Reports\",\"Trend Micro Research : Cyber Crime\",\"Trend Micro Research : Phishing\",\"Trend Micro Research : Research\"],\"articleSection\":[\"TrendMicro\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/one-man-one-ai-one-fake-persona-inside-the-5-year-influence-and-fraud-patriot-bait-campaign\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/one-man-one-ai-one-fake-persona-inside-the-5-year-influence-and-fraud-patriot-bait-campaign\\\/\",\"name\":\"One Man, One AI, One Fake Persona: Inside the 5-Year Influence and Fraud \u2018Patriot Bait\u2019 Campaign 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/one-man-one-ai-one-fake-persona-inside-the-5-year-influence-and-fraud-patriot-bait-campaign\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/one-man-one-ai-one-fake-persona-inside-the-5-year-influence-and-fraud-patriot-bait-campaign\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2026\\\/05\\\/one-man-one-ai-one-fake-persona-inside-the-5-year-influence-and-fraud-patriot-bait-campaign.png\",\"datePublished\":\"2026-05-21T00:00:00+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/one-man-one-ai-one-fake-persona-inside-the-5-year-influence-and-fraud-patriot-bait-campaign\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/one-man-one-ai-one-fake-persona-inside-the-5-year-influence-and-fraud-patriot-bait-campaign\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/one-man-one-ai-one-fake-persona-inside-the-5-year-influence-and-fraud-patriot-bait-campaign\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2026\\\/05\\\/one-man-one-ai-one-fake-persona-inside-the-5-year-influence-and-fraud-patriot-bait-campaign.png\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2026\\\/05\\\/one-man-one-ai-one-fake-persona-inside-the-5-year-influence-and-fraud-patriot-bait-campaign.png\",\"width\":976,\"height\":533},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/one-man-one-ai-one-fake-persona-inside-the-5-year-influence-and-fraud-patriot-bait-campaign\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Trend Micro Research : Articles, News, Reports\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/tag\\\/trend-micro-research-articles-news-reports\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"One Man, One AI, One Fake Persona: Inside the 5-Year Influence and Fraud \u2018Patriot Bait\u2019 Campaign\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"One Man, One AI, One Fake Persona: Inside the 5-Year Influence and Fraud \u2018Patriot Bait\u2019 Campaign 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/one-man-one-ai-one-fake-persona-inside-the-5-year-influence-and-fraud-patriot-bait-campaign\/","og_locale":"en_US","og_type":"article","og_title":"One Man, One AI, One Fake Persona: Inside the 5-Year Influence and Fraud \u2018Patriot Bait\u2019 Campaign 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/one-man-one-ai-one-fake-persona-inside-the-5-year-influence-and-fraud-patriot-bait-campaign\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2026-05-21T00:00:00+00:00","og_image":[{"url":"https:\/\/trendmicro.scene7.com\/is\/image\/trendmicro\/patriot-bait-cover:Large?qlt=80","type":"","width":"","height":""}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/one-man-one-ai-one-fake-persona-inside-the-5-year-influence-and-fraud-patriot-bait-campaign\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/one-man-one-ai-one-fake-persona-inside-the-5-year-influence-and-fraud-patriot-bait-campaign\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"One Man, One AI, One Fake Persona: Inside the 5-Year Influence and Fraud \u2018Patriot Bait\u2019 Campaign","datePublished":"2026-05-21T00:00:00+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/one-man-one-ai-one-fake-persona-inside-the-5-year-influence-and-fraud-patriot-bait-campaign\/"},"wordCount":1086,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/one-man-one-ai-one-fake-persona-inside-the-5-year-influence-and-fraud-patriot-bait-campaign\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2026\/05\/one-man-one-ai-one-fake-persona-inside-the-5-year-influence-and-fraud-patriot-bait-campaign.png","keywords":["Trend Micro Research : Articles, News, Reports","Trend Micro Research : Cyber Crime","Trend Micro Research : Phishing","Trend Micro Research : Research"],"articleSection":["TrendMicro"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/one-man-one-ai-one-fake-persona-inside-the-5-year-influence-and-fraud-patriot-bait-campaign\/","url":"https:\/\/www.threatshub.org\/blog\/one-man-one-ai-one-fake-persona-inside-the-5-year-influence-and-fraud-patriot-bait-campaign\/","name":"One Man, One AI, One Fake Persona: Inside the 5-Year Influence and Fraud \u2018Patriot Bait\u2019 Campaign 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/one-man-one-ai-one-fake-persona-inside-the-5-year-influence-and-fraud-patriot-bait-campaign\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/one-man-one-ai-one-fake-persona-inside-the-5-year-influence-and-fraud-patriot-bait-campaign\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2026\/05\/one-man-one-ai-one-fake-persona-inside-the-5-year-influence-and-fraud-patriot-bait-campaign.png","datePublished":"2026-05-21T00:00:00+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/one-man-one-ai-one-fake-persona-inside-the-5-year-influence-and-fraud-patriot-bait-campaign\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/one-man-one-ai-one-fake-persona-inside-the-5-year-influence-and-fraud-patriot-bait-campaign\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/one-man-one-ai-one-fake-persona-inside-the-5-year-influence-and-fraud-patriot-bait-campaign\/#primaryimage","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2026\/05\/one-man-one-ai-one-fake-persona-inside-the-5-year-influence-and-fraud-patriot-bait-campaign.png","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2026\/05\/one-man-one-ai-one-fake-persona-inside-the-5-year-influence-and-fraud-patriot-bait-campaign.png","width":976,"height":533},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/one-man-one-ai-one-fake-persona-inside-the-5-year-influence-and-fraud-patriot-bait-campaign\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"Trend Micro Research : Articles, News, Reports","item":"https:\/\/www.threatshub.org\/blog\/tag\/trend-micro-research-articles-news-reports\/"},{"@type":"ListItem","position":3,"name":"One Man, One AI, One Fake Persona: Inside the 5-Year Influence and Fraud \u2018Patriot Bait\u2019 Campaign"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/60702","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=60702"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/60702\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media\/60703"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=60702"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=60702"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=60702"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}