Uncle Sam reveals it sent cyber-soldiers to Albania to hunt for Iranian threats
'Hunt forward' teams of this sort aid with defense and learn how attackers like Tehran operate
US Cyber Command operators have confirmed they carried out an online defensive mission in Albania, in response to last year's cyber attacks against the local government.
Over the course of the three-month deployment, Cyber National Mission Force (CNMF) troops worked with their Albanian counterparts to hunt for cyber threats and identify vulnerabilities on networks in the NATO country.
We mention NATO because those attacks are thought to have been driven by Iran. Shortly after the attacks, Albania reportedly considered invoking Article Five, which would have drawn all NATO member states, including the US, into a confrontation with Iran.
"The United States is committed to working with Albania on securing its digital future, and ensuring that connectivity is a force for innovation, productivity, and empowerment," Nathaniel Fick, US ambassador-at-large for cyberspace and digital policy, declared in a statement published on Thursday about the cyber mission in Albania.
"We will continue to support our NATO ally Albania's remediation efforts, and invite partners to join us alongside our NATO allies in holding Iran accountable for its destructive cyber attacks against Albania in July and September 2022," he added.
Following the two attacks, which shut down Albania's online public services and websites, the White House National Security Council pledged to "take further action to hold Iran accountable for actions that threaten the security of a US ally and set a troubling precedent for cyberspace."
Shortly afterward, the US Treasury Department issued sanctions against Iran's intelligence agency in response to the attacks.
In an effort to thwart future malicious behavior conducted by Iran in cyberspace, US Cyber Command therefore made public its latest "hunt forward" defensive operation.
The US conducted its first hunt forward operation in 2018, sending cyber troops to Ukraine. Since then, CNMF has deployed 44 times to 22 countries and conducted hunt operations on nearly 70 networks around the world. These include Albania, Estonia, Lithuania, Croatia, Montenegro and North Macedonia, among others.
The goal, according to US Cyber Command chief General Paul Nakasone, is to "understand what our adversaries are doing, being able to capture that and then being able to share it."
Usually, however, the US cyber forces are pretty closed-lipped about these operations. That seems to have changed a few months into the illegal Russian invasion of Ukraine when Nakasone very publicly confirmed both offensive and defensive cyber operations to help Ukraine.
These hunt forward missions are a win-win for both participating governments, according to the feds. The foreign countries benefit from US cyber security tools and threat intel, and Cyber Command gets to put sensors on networks (with permission, we're told), which gives the military better visibility into threats beyond the borders of the United States.
While the hunt forward teams don't actually mitigate the threats – in the case of Albania, the cyber operators provided technical findings from their network hunt to the Albanian government – they do provide a real-time look into threat actors' behavior, US Army Major General William Hartman, commander of Cyber National Mission Force, explained in a statement.
"When we are invited to hunt on a partner nations' networks, we are able to find an adversary's insidious activity in cyberspace, and share with our partner to take action," according to Hartman's statement. "We can then impose costs on our adversaries by exposing their tools, tactics and procedures, and improve the cyber security posture of our partners and allies." ®