Wednesday, 5 March 2025

American and Russian shadow cyber war put on hold

The fighters of America’s invisible war rarely emerge from the shadows. And almost never get caught. Unlike the Kremlin’s cyber-army, which has carried out high-profile efforts to disrupt the West with seemingly little care for the repercussions, the military unit based at Fort Meade, Maryland, takes pains not to get discovered and even more pains to avoid ending up in the headlines.

However, on Monday it is in the spotlight after Pete Hegseth, President Trump’s defence secretary, ordered them to “pause” operations against Russia amid warming ties between the White House and the Kremlin. Hegseth’s order appears to be another sweetener to Moscow to encourage President Putin to come to the negotiating table and bring the war in Ukraine to an end. The directive is said to have been made even before President Zelensky’s disastrous meeting with Trump in the Oval Office on Friday.

No public explanation has been given for the instruction and it is not clear how long the moratorium may last. The US defence department declined to comment. According to The Record, the cybersecurity publication that first reported the news, hundreds or thousands of personnel could be affected. Operations aimed at strengthening Ukraine’s digital defences are likely to be among those to be halted.

Former officials told The New York Times that it was common for leaders to order pauses in military operations during sensitive diplomatic negotiations to avoid derailing them. The decision has provoked condemnation from Democrats who accuse Trump of going soft on Moscow. Chuck Schumer, the Senate minority leader, said Trump had given Putin “a free pass” to carry on launching cyberoperations against the US.

“Russia continues to be among the top cyber-threats to the United States,” James Lewis, a former diplomat in the Clinton administration and a former UN cyber-negotiator, told The Washington Post. “Turning off cyberoperations to avoid blowing up the talks may be a prudent tactical step. But if we take our foot off the gas pedal and they take advantage of it, we could put national security at risk.”

Officials said the operations being paused could include exposing or disabling malware found in Russian networks before it can be used against the US, blocking Russian hackers from servers that they may be preparing to use for their own offensive operations or disrupting a site promoting anti-US propaganda.

“I have seen many times when we are in some type of negotiation with another nation, especially if it’s one that is considered an adversary, that we stop operations, exercises, we even cancel speeches sometimes,” said one retired general within Cyber Command.

Officials suggested one risk associated with reducing operations was losing track of adversaries. However, a former senior British intelligence operative told The Times that as long as the pause was not too long, it would not have an impact on the US’s ability to remain vigilant towards Russian cyberattacks.

“It’s understandable that the US has imposed a temporary pause in its own offensive operations against Russia because of the intensive efforts now under way to get Putin to negotiate an end to the war in Ukraine. For that reason, the move is actually sensible,” the source said. “But that will have no impact on the US Cyber Command’s ability and determination to counter cyber-threats directed at America from Russia,” the source said.

America’s cyberoperations, linked to similar capabilities developed in the UK as part of the special intelligence partnership between the two countries, have played a crucial role in stemming a multi-agency state-funded programme by the Russian government to spy on and deliver malicious damage to computer networks, energy grids, transportation systems, personnel files and businesses in the US, Britain and other western allies. The former official said cyberoperations between the US and Russia had proliferated in recent years, making it likely that the temporary suspension would not last for a long period. Both the US and the UK reserve the right to counter foreign cyberattacks with an offensive capability that has been rapidly developed over the years.

There is little doubt that the threat from Russia is malevolent and one that, on occasions, has caused extensive disruption in the US. The Russian agencies involved include the Federal Security Service (FSB), the foreign intelligence service and the general staff main intelligence directorate (GRU). The FSB’s “Centre 16” cyber-unit was behind a malicious intrusion programme codenamed Berserk Bear that targeted critical infrastructure facilities in western Europe and North America.

Although its agents lurk in the shadows, the US is heavily involved in the invisible war. The most notorious example was the infiltration in 2010 of the Stuxnet malware into Iran’s gas centrifuge systems, severely disrupting its uranium-enrichment programme. In 2019, after Iran shot down an American military drone over the Strait of Hormuz in the Gulf waterway, Trump, in his first term of office, ordered a retaliatory cyberattack against Iranian missile and rocket forces, putting them out of action.

The cyberoffensives taken against Russia are highly classified, but officials have never denied they take place. A special unit, “Russian small group”, was established when there were fears of Russian interference in the midterm elections in 2018. It consists of intelligence analysts and cyberspecialists from Cyber Command and the NSA. The unit was maintained to watch for Russian cyberoperations aimed at disrupting the 2020 and 2024 elections. Details of their work, however, remain secret.
