The US Cyber National Mission Force (CNMF) has conducted its first-ever operation in Albania, called Hunt Forward, to help find and identify vulnerabilities on the country’s critical networks.
The technical findings enabled the Albanian government to strengthen its network defences and provided the US with “unique insights” about the adversary’s tactics, techniques and procedures. The operation followed two cyberattacks in July and September that targeted e-government services and the country’s border crossing system, respectively.
Iran was held responsible for both attacks, and Albania severed diplomatic ties with Tehran over the first one.
The US government sanctioned Iran’s Ministry of Intelligence and Security for the July cyberattack and stated that it “will not tolerate Iran’s increasingly aggressive cyber activities targeting the United States or our allies and partners”.
At the same time, the Iranian hackers had a dwell period of over a year on Albanian networks before launching the targeted cyberattacks, according to the US Cybersecurity and Infrastructure Security Agency. Albania, a NATO member since 1994, had the opportunity to invoke Article 5 of the alliance, which would have meant that the entire NATO alliance, including the US, could have retaliated against Tehran.
However, the country chose to improve its own cyber defences instead.
The three-month mission was part of CNMF’s Hunt Forward operation, which is limited to defensive cyber operations. The CNMF is only deployed to partner nations upon their request, and “CNMF operators sit side by side with partners and hunt for vulnerabilities, malware, and adversary presence on the host nation’s networks,” according to the US Cyber Command.
Cyber Command and NSA chief Gen. Paul Nakasone have said that this exercise builds confidence between allies. The CNMF has deployed its top cyber soldiers 44 times to 22 countries and conducted operations on nearly 70 networks worldwide.
