cyber command center

Documents Reveal Why U.S. Military Publishes Malware Used by North Korean and Russian Hackers

CYBERCOM has created a Twitter account with thousands of followers to publicize malware samples it shares with cybersecurity companies. Internal documents explain that it’s part of a defensive (and offensive) strategy.

Ever wonder why the U.S. military has decided to consistently publish the malware and hacking methods used by countries like North Korea and Russia? Documents obtained by VICE News describes the strategy behind Cyber Command’s decision to publish samples of malware.

The government started publishing samples of malware on VirusTotal, a semi-public website for researchers and cybersecurity experts, in 2018. The site allows researchers to closely examine how the malware works and how companies and institutions might combat it.

In addition, CYBERCOM also created a Twitter account, which has earned 11,500 followers, that they use to publicize and share news of the malware samples uploaded to VirusTotal. Most of the published malware samples rare related to Russian or North Korean-linked operations.

Now, there is more insight into why CYBERCOM made the choice to start publicly sharing the knowledge it has collected on countries it considers dangerous to national security. One document states that CYBERCOM hopes publication of the hacking tools will “bring attention and awareness” by “putting pressure on malicious cyber actors, disrupting their efforts.”

Cybersecurity experts say that the documents obtained by VICE show that the release of these malware samples show that CYBERCOM is going beyond a defensive public relations campaign.

“Cyber Command deploys VirusTotal uploads for both offensive and defensive purposes at the same time—to ‘impose costs on nation state malicious cyber actors’ and to ‘enhance our shared global cybersecurity,’” Thomas Rid, a professor of strategic studies at Johns Hopkins University, told VICE.

Once CYBERCOM decides to release the malware sample, cybersecurity companies have the ability to analyze it and update their own products to detect that specific malware strain. In addition, the military wants to “impose costs” on hacking operations by “highlighting malware to the cybersecurity community for rapid integration into antivirus software.”

Rid added that this policy means that the military is hoping for the cybersecurity community to rapidly attribute the malware to a specific actor or country. That would mean that “follow-on attribution by commercial cybersecurity companies and independent researchers is part of ‘imposing costs’ on adversary states,” Rid said.

The agency did not elaborate on its strategy, but noted that its public disclosures would continue.

"We plan to continue to publicly disclose malware samples, which we believe will have the greatest impact on improving global security,” a CYBERCOM spokesperson said in a statement to VICE.

About the Author

Haley Samsel is an Associate Content Editor for the Infrastructure Solutions Group at 1105 Media.

Featured

  • Maximizing Your Security Budget This Year

    7 Ways You Can Secure a High-Traffic Commercial Security Gate  

    Your commercial security gate is one of your most powerful tools to keep thieves off your property. Without a security gate, your commercial perimeter security plan is all for nothing. Read Now

  • Busy South Africa Building Integrates Custom Access Control System

    Nicol Corner, based in Bedfordview, Johannesburg, South Africa, is home to a six-star fitness club, prime office space, and an award-winning rooftop restaurant. This is the first building in South Africa to have its glass façade fully incorporate fritted glazing, saving 35% on energy consumption. Nicol Corner (Pty) LTD has developed a landmark with sophisticated design and unique architecture by collaborating with industry-leading partners and specifying world-class equipment throughout the project. This includes installing a high-spec, bespoke security and access control system. Read Now

  • Only 13 Percent of Research Institutions Are Prepared for AI

    A new survey commissioned by SHI International and Dell Technologies underscores the transformative potential of artificial intelligence (AI) while exposing significant gaps in preparedness at many research institutions. Read Now

  • Survey: 70 Percent of Organizations Have Established Dedicated SaaS Security Teams

    Seventy percent of organizations have prioritized investment in SaaS security, establishing dedicated SaaS security teams, despite economic uncertainty and workforce reductions. This was a key finding in the fourth Annual SaaS Security Survey Report: 2025 CISO Plans and Priorities released today by the Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications, and best practices to help ensure a secure cloud computing environment. Read Now

Featured Cybersecurity

Webinars

New Products

  • Luma x20

    Luma x20

    Snap One has announced its popular Luma x20 family of surveillance products now offers even greater security and privacy for home and business owners across the globe by giving them full control over integrators’ system access to view live and recorded video. According to Snap One Product Manager Derek Webb, the new “customer handoff” feature provides enhanced user control after initial installation, allowing the owners to have total privacy while also making it easy to reinstate integrator access when maintenance or assistance is required. This new feature is now available to all Luma x20 users globally. “The Luma x20 family of surveillance solutions provides excellent image and audio capture, and with the new customer handoff feature, it now offers absolute privacy for camera feeds and recordings,” Webb said. “With notifications and integrator access controlled through the powerful OvrC remote system management platform, it’s easy for integrators to give their clients full control of their footage and then to get temporary access from the client for any troubleshooting needs.” 3

  • Mobile Safe Shield

    Mobile Safe Shield

    SafeWood Designs, Inc., a manufacturer of patented bullet resistant products, is excited to announce the launch of the Mobile Safe Shield. The Mobile Safe Shield is a moveable bullet resistant shield that provides protection in the event of an assailant and supplies cover in the event of an active shooter. With a heavy-duty steel frame, quality castor wheels, and bullet resistant core, the Mobile Safe Shield is a perfect addition to any guard station, security desks, courthouses, police stations, schools, office spaces and more. The Mobile Safe Shield is incredibly customizable. Bullet resistant materials are available in UL 752 Levels 1 through 8 and include glass, white board, tack board, veneer, and plastic laminate. Flexibility in bullet resistant materials allows for the Mobile Safe Shield to blend more with current interior décor for a seamless design aesthetic. Optional custom paint colors are also available for the steel frame. 3

  • Automatic Systems V07

    Automatic Systems V07

    Automatic Systems, an industry-leading manufacturer of pedestrian and vehicle secure entrance control access systems, is pleased to announce the release of its groundbreaking V07 software. The V07 software update is designed specifically to address cybersecurity concerns and will ensure the integrity and confidentiality of Automatic Systems applications. With the new V07 software, updates will be delivered by means of an encrypted file. 3