Written by Shannon Vavra

The Pentagon once again is sending cyber personnel overseas to gather intelligence to help protect the 2020 presidential elections against foreign interference, the U.S. Embassy in Montenegro announced this week.

U.S. European Command and U.S. Cyber Command are deploying an undisclosed number of defensive cyber-operators to Montenegro in order to gain insights into cyberthreats from adversaries before both the U.S. and Montenegrin elections next year. It’s the second time in as many years the Department of Defense is going through the effort as part of a partnership that’s uniquely poised to provide insights on possible Russian election interference.

Montenegro and the U.S. both have been targeted by the Russian government-linked hacking outfit APT28, or Fancy Bear. If Cyber Command uncovers similar activity again in Montenegro, those insights could inform decisions on how to safeguard the U.S.

“Montenegro is among the first in Europe to face unconventional attacks on its democracy and freedom of choice,” Montenegrin Defense Minister Predrag Boskovic said in a statement. “It is precisely in the face of new challenges with the United States that we seek a way, using their resources, to protect democracy in the Western Balkans from those who would keep this part of Europe in conflicts, setbacks, and economic decline.”

In 2016 and 2017 Montenegro’s government agencies and media outlets were targeted by several different cyberattacks that Montenegro has tied to APT28, one of the same groups behind the 2016 Democratic National Committee breach.

When CyberScoop asked Cyber Command to detail lessons learned from last year and what instructions American service members will be assigned while in Montenegro this year, U.S. officials said only that they would be countering malicious actors on critical networks. The U.S. service members are specifically focused on finding new and unknown malware that could pose a threat to the U.S. or to Montenegro.

U.S. Secretary of State Mike Pompeo said last month the U.S. has been able to protect against the latest Russian malware as a direct result of insights gathered from last year’s collaboration. Russian hackers previously targeted Montenegro with spearphishing attacks that could, for instance, yield technical data for its American allies.

“We’ve been able to develop a patch against the latest Russian malware that now protects millions of devices worldwide,” Pompeo said during a trip to Montenegro’s capital, Podgorica.

When the U.S. deployment ended last fall, Montenegro suggested resuming the partnership, a Cyber Command spokesperson told CyberScoop. The Pentagon effort is scheduled to end by the end of this year, they added.

The “hunt” continues…

These kinds of missions, known as “Hunt Forward” operations, are relatively new for Cyber Command. Last year, along with Montenegro, Cyber Command also deployed personnel to Ukraine and North Macedonia to collect insights into adversarial cyberthreats in preparation for the 2018 midterm elections.

A Hunt Forward mission, which typically sends anywhere between five and 30 U.S. service members to hunt for malware at a time, is broadly defined as an intelligence-gathering one and a protection one.

“The team’s operations are part of efforts to persistently engage adversaries in cyberspace, working to protect critical infrastructure alongside valued partners and allies,” the Cyber Command spokesperson told CyberScoop, adding that they “also generate insights into adversarial cyber threats to the upcoming U.S. and Montenegrin elections in 2020.”

Montenegro also has been working to bolster its own efforts in other ways. It announced last year it would be joining the North Atlantic Treaty Organization’s cyberdefense center in Estonia, for example, which aims to boost information sharing among member nations.

The announcement comes weeks after Russian President Vladimir Putin joked about the prospect of interfering U.S. elections in 2020, saying “I’ll tell you a secret: Yes, we’ll definitely do it. Just don’t tell anyone.”

This news also comes amid warnings from the U.S. intelligence officials that multiple adversaries are seeking to interfere in the 2020 U.S. presidential election. While last year the National Security Agency and Cyber Command jointly ran a task force to counter Russian efforts to interfere in U.S. elections, that so-called Russian Small Group has since been expanded to include fend off threats from Russia, China, Iran, and North Korea.

Aside from Montenegro, it is unclear what other countries Cyber Command may be partnering with moving forward to run Hunt Forward missions. The Montenegro mission is the only Hunt Forward operation ongoing right now. Earlier this year Cyber Command told reporters it had ongoing deployments abroad with multiple allies, which it declined to name. These have each ended at this time.