US Cyber Force Expands Global Operations in Response to Escalating Threats

In 2024, the United States Cyber National Mission Force (CNMF) significantly intensified its cyber operations, responding to a marked increase in cyber threats, notably from Chinese hackers targeting U.S. critical infrastructure. Morgan Adamski, the executive director of U.S. Cyber Command, disclosed on Friday that the CNMF was deployed over 85 times within the year, conducting operations across at least 80 networks.

This surge in activity represents a notable evolution since the CNMF’s inception in 2014, a response to escalating cyber threats against both domestic infrastructure and Department of Defense operations. “Cyberspace has been defined as a warfighting domain,” stated Adamski at the Cyberwarcon conference in Arlington, Virginia, emphasizing the scale of daily cyber threats, which include an estimated 194 million malicious attacks on Defense Department networks.

As a response to these threats, the CNMF has increasingly collaborated with partner nations. Its missions extend beyond traditional defense, actively engaging in election security and resilience-building operations globally. Adamski indicated that the CNMF has responded to requests from various nations to assist in identifying and mitigating malicious cyber activities affecting their governmental networks.

In stark contrast to the previous year’s operations, the CNMF’s deployment frequency more than quadrupled from just 22 missions in 2023. Since its formation in 2018, there have been only 55 deployments prior to this year’s spike, underscoring a significant shift in operational tempo as Cyber Command adapts to evolving cyber threats.

This upsurge in operations is attributed to heightened threats from foreign adversaries, particularly state-sponsored actors from China, which have intensified their cyber espionage campaigns against U.S. government officials. Ongoing investigations by the FBI have uncovered extensive cyber incursions into U.S. telecommunications infrastructure by actors linked to the Chinese government, who aim to harvest sensitive data while compromising telecommunications networks.

Recent findings presented at Cyberwarcon revealed advancements in the tactics employed by Chinese and North Korean hackers, who have become adept at exploiting vulnerabilities to target Western defense infrastructure and pilfer substantial amounts of cryptocurrency. Analysts from Microsoft elaborated on the specific threat actors, such as North Korea’s “Ruby Sleet” and the Chinese group “Storm-2077,” both of which have employed sophisticated techniques for intelligence gathering and targeting defense industrial complexes within the U.S.

In response to these challenges, Adamski highlighted a strategic shift within Cyber Command to “execute globally synchronized activities” aimed at disrupting Chinese cyber operations. This initiative underscores an urgent call for improved federal collaboration in combating sophisticated espionage campaigns, enhancing public-private partnerships to bolster threat detection and neutralization efforts.