22 ‘hunt forward’ missions deployed overseas in 2023, Cyber Command leader says

U.S. Cyber Command expanded the use of its elite digital warfighting corps in 2023, deploying the team nearly two dozen times around the globe to uncover malicious software and bolster the defenses of allies, the command’s chief said on Wednesday.

The command sent personnel from the Cyber National Mission Force (CNMF) on 22 “hunt forward” missions to 17 different countries last year alone, Air Force Gen. Timothy Haugh, who also leads the National Security Agency, said in written testimony to the Senate Armed Services Committee.

The disclosure is notable for the command, which has previously not shared an annual figure for such missions since they began in 2018. Data on the exact number of missions has always been vague, in part because host countries don’t want adversaries to know they invited the U.S. to work on their networks and inadvertently sniff out potential vulnerabilities.

For example, last September the CNMF announced it had deployed 50 times to work on more than 75 networks in 23 countries. It did not specify how many took place in 2023 or the year before.

In all, the last year’s expeditions collected over 90 malware samples that were then publicly released and shared with the U.S. cybersecurity community, according to Haugh, 

“Such disclosures can make billions of Internet users around the world safer on-line, and frustrate the military and intelligence operations of authoritarian regimes.”

Last year also marked for the first time in the command’s history that hunt forward operations occurred “simultaneously” in all of the Defense Department’s geographic combatant commands — Europe, Africa, Indo-Pacific, Central, Northern and Southern — areas of responsibility.

Together, the figures indicate that hunt forward operations are becoming an even more critical component of the command’s national security portfolio, including election security and ongoing battles against digital espionage and ransomware.

Eye on the Kremlin

The number of missions could rise even higher this year, as the U.S. girds for possible interference from multiple foreign nations in the 2024 presidential election, particularly Russia.

“Moscow likely views the upcoming U.S. election as an opportunity for malign influence and has previously targeted elections in the United States and Europe,” Haugh said in his testimony.

“We assess they will most likely do so again in this year’s elections,” he added, echoing previous warnings by U.S. intelligence leaders about threats to November’s elections.

Haugh signaled that Cyber Command has begun preparing to defend Election Day.

The Election Security Group, led by officials from Cyber Command and NSA, “began working well before the start of the primary season to coordinate cybersecurity, intelligence, and operations, to better enable domestic partners to defend electoral processes,” Haugh, who co-chaired the group during the 2018 midterm elections, told lawmakers.

“Let me assure you that our mission focus is foreign actors overseas,” he said. “We shall work with scrupulous regard for the privacy and civil liberties of U.S. persons and in an objective, non-partisan manner as we have for the past six years.”

The Record reported last month that, unlike previous election cycles, both organizations intend to keep the leaders of the group anonymous.