Internal Docs Show Why the US Military Publishes North Korean and Russian Malware

An anonymous reader quotes a report from Motherboard: Newly released and previously secret documents explain in greater detail how, and why, a section of the U.S. military decides to publicly release a steady stream of adversarial countries’ malware, including hacking tools from North Korea and Russia. Cyber Command, or CYBERCOM, publishes the malware samples onto VirusTotal, a semi-public repository that researchers and defenders can then pore over to make systems more secure. The document provides more insight into how the U.S. military is engaged in an unusually public-facing campaign, and in particular highlights one of the reasons CYBERCOM wants to release other nations’ hacking tools: to make it harder for enemy hackers to remain undetected. A previously secret section of one of the CYBERCOM documents reads “Posting malware to VT [VirusTotal] and Tweeting to bring attention and awareness supports this strategy by putting pressure on malicious cyber actors, disrupting their efforts.” Motherboard obtained the redacted documents through a Freedom of Information Act (FOIA) request to CYBERCOM. CYBERCOM started publishing malware in 2018, with one sample coming from Russian-linked hacking group APT28. It has since released malware from North Korean hackers. CYBERCOM also has a dedicated Twitter account for distributing news of the samples. Some tweets even include memes such as “DPRK MALWARE” written onto conversation candy hearts to coincide with a release on Valentine’s Day. When it originally announced the campaign, CYBERCOM said it “initiated an effort to share unclassified malware samples it has discovered that it believes will have the greatest impact on improving global cybersecurity.” But the documents show how the effort has a more offensive slant, too.
In a statement a CYBERCOM spokesperson reiterated some of the agency’s earlier public comments, writing, “We plan to continue to publicly disclose malware samples, which we believe will have the greatest impact on improving global security.” You can read the documents here.


Source:
https://it.slashdot.org/story/20/02/26/0213254/internal-docs-show-why-the-us-military-publishes-north-korean-and-russian-malware?utm_source=rss1.0mainlinkanon&utm_medium=feed