Date: 2023-05-12

FORT GEORGE G. MEADE, Md. / RIGA, LATVIA — A team of cyber experts from the US Cyber Command’s National Cyber Mission Force (CNMF) recently returned from a forward hunting operation in Latvia.

During the three-month operation, the US team worked with CERT.LV, the Information Security Incident Response Agency of the Republic of Latvia, on a defensive cyber threat hunting operation focused on Latvia’s critical infrastructure. CERT.LV plays a critical role in protecting Latvia’s cyber ecosystem and supporting the country’s digital transformation.

The US team worked alongside the Canadian Armed Forces and Latvian allies to support their defense operations, marking the first time US and Canadian forces have conducted the hunt at the same time.

By sharing information about cyber threats in real time, allied nations can improve their collective cyber resilience and defense.

“With our trusted allies, the US and Canada, we are able to deter cyber threat actors and strengthen our mutual resilience,” said Baiba Kakina, General Manager of CERT.LV. “This can only happen through real-life defensive cyber operations and cooperation. The cyber defense operations conducted allowed us to ensure that our state infrastructure is a more difficult target for malicious cyber actors.”

Hunt Forward operations are defensive, intelligence-driven, partner-requested cyber operations. CNMF hunting teams operate on a partner-selected network to detect, monitor and analyze the tactics, techniques and procedures of malicious cyber actors.

The Canadian Cyber Task Force has a historic relationship with Latvian cyber security professionals and works in direct support of their efforts. Canada has led NATO’s Forward Presence Battle Group (eFP) in Latvia since 2017. While the US team was deployed, both US and Canadian teams worked together in different networks, sharing information and indicators of threat hunting with each other and with Latvian officials.

These operations can help strengthen the security of partner countries and give us advanced notice of adversary tools and techniques.

“Every day, we see malicious cyber actors take deliberate and irresponsible actions to target us, steal from us and attack our systems. Partnerships like this with Latvia are key to our defense,” said U.S. Army Maj. Gen. William J. Hartman, commander of the National Cyber Mission Force. “We share threats, but more importantly, we share an understanding and strategic relationship in cyberspace that go beyond this forward hunting operation.”

As part of CYBERCOM’s Defend Forward strategy, the CNMF has worked with several partner countries as part of forward hunting missions. During these missions, U.S. and partner nation cyber experts are building capabilities in cyberspace, sharing threat intelligence and enhancing network resilience and defenses.

The trust and cooperation of the partner nation often result in CNMF hunting teams returning to the US with additional knowledge of adversary tools, techniques and procedures (TTPs).

“Latvia has demonstrated remarkable resilience over the past year, being among the EU states most targeted by Russian hacktivists and pro-Russian hacker groups,” Kakina said. “We remain focused on ensuring that critical infrastructure and electronic services are secure and available to the general public and government.”

During the hunting activities in Latvia, the cyber teams found malware, analyzed it and now have a greater understanding of the adversary’s TTPs.

“Adversaries often use spaces outside the US as a test bed for cyber tactics, which they can later use to break into US networks,” Hartman said. “But with our hunting missions ahead, we can deploy a team of talented people to work with our partners to find that activity before it harms the U.S. and better position the partner to strengthen critical systems against bad actors who threaten us all.”

The CNMF has been deployed 47 times to 22 countries and has conducted hunting operations in over 70 networks worldwide. This is the second deployment of the CNMF to Latvia. Additionally, teams have been deployed in Ukraine, Albania, Estonia, Lithuania, Croatia, Montenegro, North Macedonia and other countries since 2018.

The CNMF’s primary mission is to protect the nation in and through cyberspace by interdicting, disrupting, and imposing costs on adversaries who attempt to interfere with US democratic processes, steal intellectual property, or attack critical infrastructure. On 19 December 2022, the CNMF was elevated to a unified subordinate command under CYBERCOM and is set to leverage speed and unity of effort to defend the US and its partners and allies.

CERT.LV contributes to the global cyber security community by participating in international cooperation forums (e.g., FIRST, TF-CSIRT, the European CSIRT Network and others), regularly contributing to the exchange of expertise and knowledge. The importance of CERT.LV lies in providing a coordinated response to cyber incidents and facilitating the exchange of information between various stakeholders, including government institutions, the private sector and academia.

CERT.LV operates under the Ministry of Defense of the Republic of Latvia and is regulated by the Law on Information Technology Security.