Cyber Command deployed 'hunt forward' defenders to Croatia to help secure systems

U.S. Cyber Command recently sent a team of "elite defensive cyber operators" to Croatia for the first time as part of its hunt forward operations aimed at collecting information on adversary activity and strengthening partner cyber defenses.

The effort, which brought together experts from the Croatian Security and Intelligence Agency’s (SOA) Cyber Security Centre as well as U.S. military and civilian personnel, comes at a time when countries in Central and Eastern Europe are on high alert for cyberattacks linked to the war between Russia and Ukraine. Government agencies and businesses in Lithuania, Romania, Latvia and elsewhere have been pummeled by pro-Kremlin hackers in recent months, and European Union leaders have warned of potential "spillover effects" from such attacks.

In May, SOA Director Daniel Markić accused Russia of stepping up its cyberattacks against Croatia, adding that recent attacks had targeted ministries and the country's tax administration.

“This kind of partnership in cybersecurity is essential in today’s world as it expands our reach and capabilities,” Markić said in a press release shared by Cyber Command. “We face the same adversaries and threat actors in cyberspace, and we both gain and share valuable insights into cyber resilience as it has become the key objective for national security."

Although Cyber Command did not explicitly say that the Croatia operation was tied to the war in Ukraine, a top official told reporters in May that it was prioritizing certain hunt forward missions based on Russia-linked threats.

“Our deployment in Lithuania was directly related to the ongoing crisis in the Ukraine,” Maj. Gen. William Hartman, commander of the Cyber National Mission Force, told reporters at the Vanderbilt University’s Summit on Modern Conflicts and Emerging Threats. “Clearly the Russians are a threat to the Baltic states and other organizations in the near abroad. The Lithuania hunt was moved up in the queue, based on that threat."

Cyber Command over the last four years has conducted 35 hunt forward operations in 18 countries, including Estonia, Lithuania, Montenegro, North Macedonia, and Ukraine.

Cyber Command and National Security Agency chief Gen. Paul Nakasone told senators in April that the elite hacking force "stepped up an already high operational tempo" after Russia invaded Ukraine in February, and has been conducting additional hunt forward operations — including one in Ukraine — to identify network vulnerabilities.

In addition to threats from Russian government hackers, pro-Kremlin volunteer gangs have targeted a wide range of EU governments and companies in recent months in retaliation for supporting Ukraine. The Killnet group in particular took credit for a June attack on several Lithuanian government institutions, an April attack against websites owned by government agencies and a bank in Romania, a May attack on websites of Italy's parliament, military and National Health Institute, as well as several other incidents.

The hunt forward operation announced Thursday isn't the first time that the U.S. has aided Croatia's cybersecurity efforts. In 2020, the U.S. provided $4.2 million in special assistance to help Croatia establish a new cyber security operations centre in Zagreb. The funds went towards equipment, training, and technology to prevent cyber intrusions and defend the Croatian military, the U.S. embassy in Zagreb said.