As cyber–physical networks become increasingly equipped with embedded capabilities, they are made vulnerable to malicious attacks with the increased number of access points available to attackers. A particularly pernicious attack is spoofing, in which a malicious agent spawns multiple identities and can compromise otherwise attack–resilient algorithms that rely on assumed network robustness structures. We generalize a class of resilient consensus strategies, known as weighted mean-subsequence-reduced (W-MSR) consensus, to further provide spoof resilience by incorporating a physical layer authentication. By comparing the physical fingerprints of received signals, legitimate agents can identify and isolate malicious agents that attempt spoofing attacks. A key technical contribution is to quantify worst case misclassification probability using distributionally robust Chebyshev bounds computed via semidefinite programming when the physical fingerprints of received signals are stochastic. Numerical simulations and experimental results illustrate the effectiveness of the proposed methods. Our framework is applicable to a variety of problems involving multirobot systems coordinating via wireless communication.