U.S. Cyber Command deploys defensive operators to Croatia to hunt for malicious cyber activity
For the first time in U.S. Cyber Command history, a team of elite defensive cyber operators deployed to Croatia to hunt for malicious cyber activity on partner networks, returning with new insights and partnership that bolster the Nation’s defense.
“This kind of partnership in cybersecurity is essential in today’s world as it expands our reach and capabilities,” said Director of the Croatian Security and Intelligence Agency Daniel Markić.
“We face the same adversaries and threat actors in cyberspace, and we both gain and share valuable insights into cyber resilience as it has become the key objective for national security,” he added.
U.S. Cyber Command’s Cyber National Mission Force routinely conducts ‘hunt forward operations’ globally with the purpose of learning adversary activities for homeland defense and enabling partner nations’ collective cybersecurity.
The team, made up of U.S. military and civilian personnel, worked side-by-side with the Croatian Security and Intelligence Agency’s (SOA) Cyber Security Centre experts, hunting on the prioritized networks of national significance and looking for malicious cyber activity and vulnerabilities. The hunt forward team returned recently to the United States, with both adversary and shared understanding of each other’s methodologies and capabilities.
“For us, it isn’t just about hunting on our partner’s networks for similar threats to our networks and then bringing that back home to defend our Nation’s networks,” said the U.S. hunt forward team leader, whose name cannot be used for operational security reasons. “It was also about the personal relationships we built, and the partnership we can grow. I was personally impressed with the level of organization, visibility, and proactivity of the SOA Cyber Security Center, as we sat side-by-side hunting for bad actors.”
Hunt forward operations are part of U.S. Cyber Command’s persistent engagement strategy, aimed at proactively bolstering defenses in the U.S. and disrupting malicious cyber activity in U.S. infrastructure.
“It was an honor to send some of our best defensive operators to Croatia, to hunt for shared threats alongside our partners—we want to bring both expertise and talent to our partner nations, while seeing cyber adversaries who may be threatening our Nation,” said U.S. Army Maj. Gen. William J. Hartman, commander of the Cyber National Mission Force. “Our teams don’t just come back with insights that strengthen our defenses, and support our allies, but also with professional relationships…and these relationships will continue to grow as we work together, against common adversaries, in the years to come.”
As of Aug. 2022, CNMF has conducted 35 hunt forward operations in 18 countries, including Estonia, Lithuania, Montenegro, North Macedonia and Ukraine—doing so on over 50 foreign networks, much of it during a global pandemic.
In cybersecurity, ‘hunting’ is a proactive cyber defense activity, to observe and mitigate threats that are undetected on a network or system. While hunt forward operations teams do not mitigate threats on partner networks, they enable their counterparts to pursue and address the threats found.
“These defensive operators are hunters, trained to know the behavior of their target,” said CNMF’s defensive cyber lead against Russian threats. “They are experts at looking for those behaviors, and finding some of their more malicious and subtle techniques. We share this information with our partners, so they can take action on their own networks.”
In addition to countering the malicious cyber actors who target partner nation’s networks, data, and platforms, the U.S. and allies gain valuable insight into adversaries’ tactics, techniques, and procedures. Knowing these plans, capabilities, and tools further enables the U.S. and its allies to disrupt and even halt malicious cyber activity before it reaches friendly networks and causes significant harm.
“International partnerships we built are crucial for preventing numerous state-sponsored cyber-attacks, and attacks endangering our national security,” said Mr. Markić, whose organization is focused on preventing activities that endanger Croatian national interests. “The more complex the cyber security challenges become, the more comprehensive our response must be.”