Following Iranian cyberattacks against Albanian networks last year, a team from U.S. Cyber Command embarked on a months-long deployment to survey the damage and gain insights into the tactics used. The so-called hunt forward operation was the first such action taken with the nation of Albania, according to a Cybercom release on Thursday that shed more light on the effort.
These types of ops involve physically sending defensively oriented cyber protection teams from the U.S. military’s Cyber National Mission Force (CNMF) to foreign countries to hunt for threats on their networks at the invitation of host nations. The CNMF was recently designated a sub-unified command in December.
Since 2018, the CNMF has deployed 44 times to 22 different nations conducting such operations on nearly 70 networks, according to Cybercom. Officials say these operations are mutually beneficial because they help bolster the security of partner nations and provide Cyber Command — and by extension, the United States — advanced notice of adversary tactics allowing the U.S. to harden systems at home against these observed threats.
The Iranian cyberattacks occurred in July and September 2022. The July attacks, in response to an Iranian government opposition group conference in Albania, shut down numerous Albanian government services. The September attacks targeted a government system used to track border crossings following Albania cutting diplomatic ties with Iran.
The U.S. government issued sanctions against Iran and sought to help Albania bolster its overall security posture.
“We will continue to support our NATO ally Albania’s remediation efforts, and invite partners to join us alongside our NATO allies in holding Iran accountable for its destructive cyberattacks against Albania in July and September 2022,” U.S. Ambassador at Large for Cyberspace and Digital Policy Nathaniel Fick said in a statement.
The CNMF team was deployed for three months and provided technical findings to the Albanian government allowing them to bolster their networks. These insights are also critical to defending the U.S. against malicious cyber activity.
“These hunts bring us closer to adversary activity to better understand and then defend ourselves, but they also bring the U.S. closer to our partners and allies. These relationships are key to protecting our networks and critical infrastructure against shared threats,” Maj. Gen. William Hartman, commander of the CNMF, said.
“When we are invited to hunt on a partner nations’ networks, we are able to find an adversary’s insidious activity in cyberspace, and share with our partner to take action on. We can then impose costs on our adversaries by exposing their tools, tactics and procedures, and improve the cybersecurity posture of our partners and allies. When we share information, we are all more defended from those who seek to do us harm,” he added.
These types of ops are an opportunity for the U.S. to build stronger partnerships with other nations on the cyber front, a key priority for enhancing global digital security.
“The cooperation with U.S. Cyber Command was very effective and made us feel safe by assuring that we have followed all the right steps in responding to these sophisticated attacks,” Mirlinda Karçanaj, general director of the National Agency of Information Society, an Albanian government institution that coordinates information systems, said. “We hope that this cooperation will continue in the future so that we can further exchange experiences and increase our capacities to another level.”