cyber command center

Documents Reveal Why U.S. Military Publishes Malware Used by North Korean and Russian Hackers

CYBERCOM has created a Twitter account with thousands of followers to publicize malware samples it shares with cybersecurity companies. Internal documents explain that it’s part of a defensive (and offensive) strategy.

Ever wonder why the U.S. military has decided to consistently publish the malware and hacking methods used by countries like North Korea and Russia? Documents obtained by VICE News describes the strategy behind Cyber Command’s decision to publish samples of malware.

The government started publishing samples of malware on VirusTotal, a semi-public website for researchers and cybersecurity experts, in 2018. The site allows researchers to closely examine how the malware works and how companies and institutions might combat it.

In addition, CYBERCOM also created a Twitter account, which has earned 11,500 followers, that they use to publicize and share news of the malware samples uploaded to VirusTotal. Most of the published malware samples rare related to Russian or North Korean-linked operations.

Now, there is more insight into why CYBERCOM made the choice to start publicly sharing the knowledge it has collected on countries it considers dangerous to national security. One document states that CYBERCOM hopes publication of the hacking tools will “bring attention and awareness” by “putting pressure on malicious cyber actors, disrupting their efforts.”

Cybersecurity experts say that the documents obtained by VICE show that the release of these malware samples show that CYBERCOM is going beyond a defensive public relations campaign.

“Cyber Command deploys VirusTotal uploads for both offensive and defensive purposes at the same time—to ‘impose costs on nation state malicious cyber actors’ and to ‘enhance our shared global cybersecurity,’” Thomas Rid, a professor of strategic studies at Johns Hopkins University, told VICE.

Once CYBERCOM decides to release the malware sample, cybersecurity companies have the ability to analyze it and update their own products to detect that specific malware strain. In addition, the military wants to “impose costs” on hacking operations by “highlighting malware to the cybersecurity community for rapid integration into antivirus software.”

Rid added that this policy means that the military is hoping for the cybersecurity community to rapidly attribute the malware to a specific actor or country. That would mean that “follow-on attribution by commercial cybersecurity companies and independent researchers is part of ‘imposing costs’ on adversary states,” Rid said.

The agency did not elaborate on its strategy, but noted that its public disclosures would continue.

"We plan to continue to publicly disclose malware samples, which we believe will have the greatest impact on improving global security,” a CYBERCOM spokesperson said in a statement to VICE.

About the Author

Haley Samsel is an Associate Content Editor for the Infrastructure Solutions Group at 1105 Media.

Featured

  • 7 Reasons Why Governments Need to Regulate AI

    Recently, Elon Musk unveiled two remarkable AI applications. A humanoid robot named Optimus, with its remarkable human-like speech and movements, and a fully autonomous car, absent steering wheel and pedals, called Cybercab. While these examples represent a broad trend of AI integration across industries, they highlight technology’s transformative potential, prompting a need for regulation to ensure it is used responsibly, securely and ethically. Read Now

  • OR Code Phishing on the Rise According to New Report

    KnowBe4 recently released its Q3 2024 Phishing Report. This quarter's findings reveal the most frequently clicked email subjects in simulated phishing tests, demonstrating the continued efficacy of HR and IT-related phishing attempts. KnowBe4’s Q3 2024 Phishing Report reveals that HR and IT-related phishing emails claim a significant 48.6% share of top-clicked phishing types globally. Despite evolving techniques by bad actors, phishing emails remain among the most prevalent tools for executing cyberattacks. Read Now

  • United HealthCare CEO Killed in Targeted Attack in New York City

    United HealthCare CEO Brian Thompson was killed in a targeted attack early Wednesday in Manhattan Read Now

  • Theft, Crime Driving Retail Workers to Look for New Jobs

    More than four in ten retail workers in the U.S. say they are likely to leave their current job in the next 12 months due to personal safety concerns, according to new research conducted by the Loss Prevention Research Council (LPRC) in partnership with Verkada. Read Now

Featured Cybersecurity

Webinars

New Products

  • Camden CV-7600 High Security Card Readers

    Camden CV-7600 High Security Card Readers

    Camden Door Controls has relaunched its CV-7600 card readers in response to growing market demand for a more secure alternative to standard proximity credentials that can be easily cloned. CV-7600 readers support MIFARE DESFire EV1 & EV2 encryption technology credentials, making them virtually clone-proof and highly secure. 3

  • 4K Video Decoder

    3xLOGIC’s VH-DECODER-4K is perfect for use in organizations of all sizes in diverse vertical sectors such as retail, leisure and hospitality, education and commercial premises. 3

  • Camden CM-221 Series Switches

    Camden CM-221 Series Switches

    Camden Door Controls is pleased to announce that, in response to soaring customer demand, it has expanded its range of ValueWave™ no-touch switches to include a narrow (slimline) version with manual override. This override button is designed to provide additional assurance that the request to exit switch will open a door, even if the no-touch sensor fails to operate. This new slimline switch also features a heavy gauge stainless steel faceplate, a red/green illuminated light ring, and is IP65 rated, making it ideal for indoor or outdoor use as part of an automatic door or access control system. ValueWave™ no-touch switches are designed for easy installation and trouble-free service in high traffic applications. In addition to this narrow version, the CM-221 & CM-222 Series switches are available in a range of other models with single and double gang heavy-gauge stainless steel faceplates and include illuminated light rings. 3