Previously secret documents show why and how the U.S. military publicly releases the hacking tools of its cyber adversaries.
Cyber Command, or CYBERCOM, publishes the malware samples to VirusTotal, a semi-public repository that researchers and defenders can then pore over to make systems more secure.
The document provides more insight into how the U.S. military is engaged in an unusually public-facing campaign, and in particular highlights one of the reasons CYBERCOM wants to release other nations' hacking tools: to make it harder for enemy hackers to remain undetected.
A previously secret section of one of the CYBERCOM documents reads, "Posting malware to VT [VirusTotal] and Tweeting to bring attention and awareness supports this strategy by putting pressure on malicious cyber actors, disrupting their efforts." Motherboard obtained the redacted documents through a Freedom of Information Act (FOIA) request to CYBERCOM.
CYBERCOM started publishing malware in 2018, with one sample coming from Russian-linked hacking group APT28. It has since released malware from North Korean hackers.