Cyber Command sent a ‘hunt forward’ team to help Lithuania harden its systems
Image: U.S. Army/Joseph Friend
Martin Matishak May 4, 2022

Cyber Command sent a ‘hunt forward’ team to help Lithuania harden its systems

Cyber Command sent a ‘hunt forward’ team to help Lithuania harden its systems

NASHVILLE — U.S. Cyber Command recently deployed personnel to Lithuania to strengthen that country’s digital defenses, the second such mission tied to Russia’s invasion of Ukraine, a senior command official said Wednesday.

“Our deployment in Lithuania was directly related to the ongoing crisis in the Ukraine,” Maj. Gen. William Hartman, commander of the Cyber National Mission Force, told reporters during a roundtable discussion at Vanderbilt University’s Summit on Modern Conflicts and Emerging Threats.

“Clearly the Russians are a threat to the Baltic states and other organizations in the near abroad. The Lithuania hunt was moved up in the queue, based on that threat,” he added.

The Lithuanian Ministry of Defense issued a press release acknowledging the concluded three-month effort.

“The war against Ukraine has demonstrated that cyberattacks are an inseparable element of modern military campaigns,” said Deputy Defense Minister Margiris Abukevičius. “Bearing that in mind, we have to prepare and build up capabilities for safeguarding our key networks, during war and peace alike, in advance.”

The disclosure, coming almost immediately after the deployment, is rare for Cyber Command. The organization has conducted 28 such missions in 16 different countries over the last four years but usually does not share any details until well after its work has finished. 

For instance, Cyber Command sent defensive cyber operators to Montenegro, North Macedonia and Ukraine as part of its effort to protect the 2018 midterm elections from foreign interference — and only shared that information the following year.

The delayed disclosure is often at the behest of the country that invited the U.S. to work on its networks — they generally don’t want adversaries to sniff out potential vulnerabilities, and the military simply doesn’t want a country like Russia to know where forces might be.

Nine missions

In congressional testimony last month, Cyber Command and National Security Agency chief Gen. Paul Nakasone said the elite hacking unit had sent personnel to Ukraine for two months to bolster Kyiv’s cybersecurity and those of “our NATO Allies and partners.”

Speaking at the Vanderbilt summit, Nakasone said Cyber Command has conducted nine hunt forward missions last year, including the one to Ukraine.

“These are countries that have asked for our assistance, deploying our defensive teams for being able to identify malware and tradecraft our adversaries were using and then sharing that broadly with a commercial provider,” he said.

Hartman said the Ukraine team included “more than a couple dozen” operators and initially traveled to the former Soviet satellite state last December to perform a “pre-deployment site survey” to basically determine what work might go into the eventual deployment.

However, once on the ground, “they realized, one, what the threat really looked like when you’re sitting there in Kyiv and, two, there really was an immediate requirement to help.” 

The two-star said Cyber Command officials talk to their Ukrainian counterparts “on a daily basis.”

“We are still able to get malicious software passed back to us that we can make sure that if it’s not e-signatured already that we can share it with private industry and private industry can write those signatures to ensure that, whatever type of wiper attacks are being conducted in Kyiv, that, for the most part, the United States is going to be protected against such,” according to Hartman.

Martin is a senior cybersecurity reporter for The Record. He spent the last five years at Politico, where he covered Congress, the Pentagon and the U.S. intelligence community and was a driving force behind the publication's cybersecurity newsletter.