cyber command center

Documents Reveal Why U.S. Military Publishes Malware Used by North Korean and Russian Hackers

CYBERCOM has created a Twitter account with thousands of followers to publicize malware samples it shares with cybersecurity companies. Internal documents explain that it’s part of a defensive (and offensive) strategy.

Ever wonder why the U.S. military has decided to consistently publish the malware and hacking methods used by countries like North Korea and Russia? Documents obtained by VICE News describes the strategy behind Cyber Command’s decision to publish samples of malware.

The government started publishing samples of malware on VirusTotal, a semi-public website for researchers and cybersecurity experts, in 2018. The site allows researchers to closely examine how the malware works and how companies and institutions might combat it.

In addition, CYBERCOM also created a Twitter account, which has earned 11,500 followers, that they use to publicize and share news of the malware samples uploaded to VirusTotal. Most of the published malware samples rare related to Russian or North Korean-linked operations.

Now, there is more insight into why CYBERCOM made the choice to start publicly sharing the knowledge it has collected on countries it considers dangerous to national security. One document states that CYBERCOM hopes publication of the hacking tools will “bring attention and awareness” by “putting pressure on malicious cyber actors, disrupting their efforts.”

Cybersecurity experts say that the documents obtained by VICE show that the release of these malware samples show that CYBERCOM is going beyond a defensive public relations campaign.

“Cyber Command deploys VirusTotal uploads for both offensive and defensive purposes at the same time—to ‘impose costs on nation state malicious cyber actors’ and to ‘enhance our shared global cybersecurity,’” Thomas Rid, a professor of strategic studies at Johns Hopkins University, told VICE.

Once CYBERCOM decides to release the malware sample, cybersecurity companies have the ability to analyze it and update their own products to detect that specific malware strain. In addition, the military wants to “impose costs” on hacking operations by “highlighting malware to the cybersecurity community for rapid integration into antivirus software.”

Rid added that this policy means that the military is hoping for the cybersecurity community to rapidly attribute the malware to a specific actor or country. That would mean that “follow-on attribution by commercial cybersecurity companies and independent researchers is part of ‘imposing costs’ on adversary states,” Rid said.

The agency did not elaborate on its strategy, but noted that its public disclosures would continue.

"We plan to continue to publicly disclose malware samples, which we believe will have the greatest impact on improving global security,” a CYBERCOM spokesperson said in a statement to VICE.

About the Author

Haley Samsel is an Associate Content Editor for the Infrastructure Solutions Group at 1105 Media.

Featured

  • NOLA: The Crescent City

    Twenty years later we finds ourselves in New Orleans. Twenty years ago the aftermath of Hurricane Katrina forced exhibitors and attendees to look elsewhere for tradeshow floor space. Read Now

    • Industry Events
    • GSX
  • Nothing Artificial About this Intelligence

    I have been looking forward to this year’s GSX show in New Orleans, the Cresent City, or if you prefer The Big Easy. It seems like quite a while since we’ve been here. Twenty years ago, ASIS, as it was known then was literally washed out of the city by someone known as Katrina. It is a good thing to come back to NOLA. Read Now

  • From Monitors to Mission Control

    Security Operations Centers (SOC) were once defined by rows of static monitors, each displaying a single feed with operators quietly watching for issues. That model has become obsolete. Incidents evolve too quickly, data comes from multiple locations, and decisions must be made in seconds—not minutes. Read Now

  • New Gas Monkey Garage Venue Uses AI-Enhanced Video Technology

    Gas Monkey Garage, the automotive custom shop and entertainment brand founded by Richard Rawlings of Fast N’ Loud TV fame, has opened a vibrant new restaurant and bar in South Dakota, equipped with advanced, AI-enhanced video tech from IDIS Americas. Read Now

  • Data Driven, Proactive Response

    As cities face rising demands for smarter policing and faster emergency response, Real Time Crime Centers (RTCCs) are emerging as essential hubs for data-driven public safety. In this interview, two experts with deep field experience — Ross Bourgeois of New Orleans and Dean Cunningham of Axis Communications — draw on decades of operational, leadership and technology expertise to share how RTCCs are transforming public safety through innovation, interagency collaboration and a relentless focus on community impact. Read Now

New Products

  • Mobile Safe Shield

    Mobile Safe Shield

    SafeWood Designs, Inc., a manufacturer of patented bullet resistant products, is excited to announce the launch of the Mobile Safe Shield. The Mobile Safe Shield is a moveable bullet resistant shield that provides protection in the event of an assailant and supplies cover in the event of an active shooter. With a heavy-duty steel frame, quality castor wheels, and bullet resistant core, the Mobile Safe Shield is a perfect addition to any guard station, security desks, courthouses, police stations, schools, office spaces and more. The Mobile Safe Shield is incredibly customizable. Bullet resistant materials are available in UL 752 Levels 1 through 8 and include glass, white board, tack board, veneer, and plastic laminate. Flexibility in bullet resistant materials allows for the Mobile Safe Shield to blend more with current interior décor for a seamless design aesthetic. Optional custom paint colors are also available for the steel frame.

  • A8V MIND

    A8V MIND

    Hexagon’s Geosystems presents a portable version of its Accur8vision detection system. A rugged all-in-one solution, the A8V MIND (Mobile Intrusion Detection) is designed to provide flexible protection of critical outdoor infrastructure and objects. Hexagon’s Accur8vision is a volumetric detection system that employs LiDAR technology to safeguard entire areas. Whenever it detects movement in a specified zone, it automatically differentiates a threat from a nonthreat, and immediately notifies security staff if necessary. Person detection is carried out within a radius of 80 meters from this device. Connected remotely via a portable computer device, it enables remote surveillance and does not depend on security staff patrolling the area.

  • HD2055 Modular Barricade

    Delta Scientific’s electric HD2055 modular shallow foundation barricade is tested to ASTM M50/P1 with negative penetration from the vehicle upon impact. With a shallow foundation of only 24 inches, the HD2055 can be installed without worrying about buried power lines and other below grade obstructions. The modular make-up of the barrier also allows you to cover wider roadways by adding additional modules to the system. The HD2055 boasts an Emergency Fast Operation of 1.5 seconds giving the guard ample time to deploy under a high threat situation.