U.S. Cyber Command disrupted blocked Russian troll factory during 2018 midterms

The U.S. Cyber Command blocked the Internet access to the Russian troll factory while it was attempting to interfere with 2018 midterm.

According to the Washington Post, that cites several U.S. officials, the operation conducted by the U.S. Cyber Command hit the Internet Research Agency in St. Petersburg, the company used by the Russian Government in propaganda and psyops operations.

“They basically took the IRA offline,” said an individual familiar with the events who spoke on the condition of anonymity. “They shut them down.”

“The operation marked the first muscle-flexing by U.S. Cyber Command, with intelligence from the National Security Agency, under new authorities it was granted by President Trump and Congress last year to bolster offensive capabilities.” states the Washington Post.

“The president approved of the general operation to prevent Russian interference in the midterms, officials said.”

The operation was led by Gen. Paul Nakasone, who in July formed the Russia Small Group, a team composed of 75 to 80 people from Cybercom and the NSA.

Intelligence analysts believe that this attack is just a temporary success against Russian activities, Russia’s tactics are rapidly evolving and the troll factory will continue its operations.

U.S. officials pointed out that this operation is part of a long-term campaign aimed at preventing further interference in the politics of foreign countries.

“Part of our objective is to throw a little curveball, inject a little friction, sow confusion,” said one defense official. “There’s value in that. We showed what’s in the realm of the possible. It’s not the old way of doing business anymore.”

“The fact that the 2018 election process moved forward without successful Russian intervention was not a coincidence,” said Sen. Mike Rounds (R-S.D.), who did not discuss the specific details of the operation targeting the St. Petersburg group. Without Cybercom’s efforts, he said, there “would have been some very serious cyber-incursions.”

The attack against the troll factory has happened the day Americans went to the polls and a day or so afterward as the votes were tallied. The timeline of attacks allowed the US government to prevent the Russians trolls from mounting a disinformation campaign that cast doubt on the results.

“The operation also was the first real test of Cybercom’s new strategy of “persistent engagement,” issued in April, involving continually confronting the adversary and sharing information with partners. Cybercom in fall 2018 sent troops to Monte­negro, Macedonia and Ukraine to help shore up their network defenses, and the Americans were able to obtain unfamiliar malware samples that private security researchers traced to the GRU, according to officials.” concludes the Washington Post.

“The Cybercom campaign also was part of what Nakasone described in an interview with Joint Force Quarterly as “acting outside our borders, being outside our networks, to ensure that we understand what our adversaries are doing.”

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – Troll factory, US Cyber Command)

[adrotate banner=”5″]

[adrotate banner=”13″]