U.S. Cyber Command Expands Operations to Hunt Hackers From Russia, Iran and China

FORT MEADE, Md. – The U.S. Cyber Command expanded overseas operations to find foreign hacking groups ahead of Tuesday’s elections to identify not only Russian tactics but those of China and Iran as well, military officials said.

In addition to new operations in Europe to track down Russian hackers, Cyber Command has sent teams to the Middle East and Asia over the past two years to find Iranian, Chinese, and North Korean hacking teams and identify the tools they use to intrude on computer networks.

Cyber Command expanded its push, which began in 2018 when it sent teams to North Macedonia, Montenegro and other countries to learn more about Russian operations. The move also reflects increased efforts to secure this year’s presidential election.

Cyber Command, which conducts the military’s offensive and defensive operations in the online world, was largely on the sidelines in 2016. In the 2018 mid-term elections, however, the command took a far more aggressive stance. In addition to sending the teams to allied countries, it sent warning messages to potential Russian trolls before the vote, in its first offensive operation against Moscow. At least one of these troll farms was offline on Election Day and in the days that followed.

The operation in 2018 mainly focused on Russia, according to public accounts. Ahead of this year’s election, intelligence officials outlined efforts by Iran and China, as well as Russia, to potentially influence the vote, and Cyber Command has broadened its focus as well.

“As of 2018, we have expanded our hunting operations to include all major adversaries,” said Lieutenant General Charles L. Moore Jr., assistant chief of Cyber Command, in an interview at his Fort Meade office.

Cyber Command calls its work with allies to find enemy hackers “driving operations forward.” After getting close to foreign adversaries’ own networks, Cyber Command can get inside to identify and possibly neutralize attacks on the United States, according to current and former officials.

“We want to find the bad guys in the red room in their own operating environment,” said General Moore. “We want to take out the archer instead of dodging the arrows.”

Officials would identify only the regions, not the countries, where they operated prior to the 2020 elections. But Cyber Command officials said these efforts exposed malware used by opposing hacking teams. Other government agencies used this information to help state and local officials strengthen their defenses of the electoral system and educate the public about threats.

Cyber Command sends teams of experts overseas to work with partners and allied nations to help them find, identify, and eliminate hostile interference in their state or military computer networks.

For the allied nations, inviting Cyber Command personnel not only helps improve their network defenses, but also shows adversaries that the U.S. military is working with them. For the United States, the sorties give its experts an early glimpse into the tactics that potential opponents are developing in their own neighborhood, techniques that could later be used against Americans.

The information gathered from the hunting forward operations was shared with the rest of the U.S. government to aid in defending critical networks ahead of the elections, Cyber Command head General Paul M. Nakasone wrote in an August article in Foreign Affairs.

Cybersecurity experts have argued that by deploying overseas, Cyber Command can work with partner teams that are attacked daily by Russia, Iran or China.

“The best way to get information is to really work and collaborate with other teams fighting it,” said Theresa Payton, a cybersecurity expert and former civil servant in the George W. Bush administration. “You received several types of targeted attacks that you may not have seen.”

Cyber Command officials said they continued to seek to identify and stop foreign threats to the election after the 2018 mid-term vote, and added new partners to their defense network.

“The attacks always go on. Because of this, Cyber Command’s continued collaboration with other countries’ military cyber operations is our best way to protect American interests,” said Ms. Payton, whose book “Manipulated” examined emerging types of cyberattacks.

Some lawmakers and experts believe that foreign influence efforts could increase if a controversial election result occurs that increases claims of fraud or calls for recounts.

Similarly, Cyber Command officials said their efforts to counter foreign threats would not end with the end of the vote on Tuesday. They will resume once the votes are counted and the Electoral College prepares for the December session.

“We are not stopping or thinking that our operations will wear off on November 3rd,” General Moore said. “Defending the elections is now an ongoing and ongoing campaign for Cyber Command.”