WASHINGTON — U.S. cyber specialists spent three months in Albania working alongside forces there to identify network weaknesses and hacking tools following Iranian cyberattacks on government systems.

The so-called hunt-forward operation, a defensive measure taken at the invitation of foreign officials, was the first conducted in Albania, a smaller NATO ally. U.S. Cyber Command revealed the operation, handled by its Cyber National Mission Force, or CNMF, on March 23.

Army Maj. Gen. William Hartman, the commander of the mission force, in a statement said the operation brought CYBERCOM personnel “closer to adversary activity” while promoting international relationships.

Army Maj. Gen. William J. Hartman, commander of Cyber National Mission Force, foreground, and Gen. Paul Nakasone, leader of U.S. Cyber Command, background, are seen at ceremony in December 2022.

“In an increasingly dynamic environment where malicious cyber actors attempt to exploit our networks, data, and critical infrastructure, we have a key asymmetric advantage that our adversaries don’t have: enduring partnerships, like this one with Albania,” he added.

Iran targeted Albanian networks in July and September, forcing offline key government services including the Total Information Management System, which tracks details of those entering and exiting the country.

The Biden administration condemned the digital belligerence and, ultimately, sanctioned Iran. The administration’s cybersecurity strategy identifies the Middle Eastern country as a burgeoning cyber power and a safe haven for ransomware abusers.

Nathaniel Fick, the U.S. ambassador at large for cyberspace and digital policy, in a statement Thursday said the U.S. remains committed “to working with Albania on securing its digital future, and ensuring that connectivity is a force for innovation, productivity, and empowerment.” He also called on other countries to hold Iran accountable for “its destructive cyberattacks.”

The CNMF has deployed more than three-dozen times to at least 22 countries — including Ukraine, ahead of Russia’s invasion — to bolster faraway networks and return with information that can be applied stateside.

Hunt-forward operations are part of CYBERCOM’s persistent engagement strategy, a means of being in constant contact with adversaries and ensuring proactive, not reactive, moves are made.

“When we are invited to hunt on a partner nations’ networks, we are able to find an adversary’s insidious activity in cyberspace and share with our partner to take action on,” Hartman said. “We can then impose costs on our adversaries by exposing their tools, tactics and procedures, and improve the cybersecurity posture of our partners and allies.”

Colin Demarest is a reporter at C4ISRNET, where he covers military networks, cyber and IT. Colin previously covered the Department of Energy and its National Nuclear Security Administration — namely Cold War cleanup and nuclear weapons development — for a daily newspaper in South Carolina. Colin is also an award-winning photographer.

More In Cyber