WASHINGTON — A team of U.S. cyber specialists discovered malware during a three-month deployment to Latvia while scouring digital infrastructure for weaknesses.

The so-called hunt-forward operation, conducted by the Cyber National Mission Force, was the second such endeavor in the former Soviet state. It wrapped up “recently,” U.S. Cyber Command announced May 10.

“During the hunt activities in Latvia, the cyber teams found malware, analyzed it and have an increased understanding of the adversary’s [tactics, techniques and procedures],” according to a statement by the command. C4ISRNET inquired about the malware and its potential attribution.

The mission force worked alongside CERT.LV, Latvia’s primary cyber emergency response team, and the Canadian military. Canada has spearheaded a NATO reinforcement mission in the European nation since 2017.

“With our trusted allies, the U.S. and Canada, we are able to deter cyber threat actors and strengthen our mutual resilience,” Baiba Kaškina, general manager of CERT.LV, said in a statement. “This can only happen through real-life defensive cyber operations and collaboration. The defensive cyber operations conducted allowed us to ensure our state infrastructure is a harder target for malicious cyber actors.”

The CNMF has deployed nearly four dozen times to 22 countries — including Ukraine, ahead of Russia’s invasion, and Albania, in the wake of Iranian cyberattacks — to strengthen far-flung networks and return with insights that can be applied stateside.

The U.S. considers China and Russia its most significant cyberthreats. Iran and North Korea also make the list, to a lesser degree.

Kaškina described Latvia as a favorite target of “Russian hacktivists and Russian state-supporting hacking groups.” The Latvian government has blamed Russian outfits for phishing and distributed denial-of-service attacks.

Hunt-forward operations are defensive efforts taken at the invitation of a foreign government. They are part of CYBERCOM’s persistent engagement strategy, a means of being in constant contact with adversaries while ensuring proactive, rather than reactive, moves are made.

“Adversaries often use spaces outside the U.S. as a testbed for cyber tactics, which they may use later to access U.S. networks,” U.S. Army Maj. Gen. William Hartman, the commander of the mission force, said in a statement. “But with our hunt forward missions, we can deploy a team of talented people to work with our partners, find that activity before it harms the U.S., and better posture the partner to harden critical systems against bad actors who threaten us all.”

Latvia supports Ukraine in its fight to repel Russian troops, committing to the embattled nation anti-aircraft Stinger missiles, guns, drones, ammunition and more.

Colin Demarest was a reporter at C4ISRNET, where he covered military networks, cyber and IT. Colin had previously covered the Department of Energy and its National Nuclear Security Administration — namely Cold War cleanup and nuclear weapons development — for a daily newspaper in South Carolina. Colin is also an award-winning photographer.
