U.S. cybersecurity agents blocked the Internet access of a Russian firm that intelligence agencies believed was trying to influence the 2018 U.S. midterm elections, The Washington Post reported on February 26.
Citing unnamed security officials, the daily reported that U.S. Cyber Command cut off Internet access to the St. Petersburg-based Internet Research Agency, an operation that has come to be known as the Russian troll factory and that has been tied to efforts to influence elections in Europe and the United States — including the 2016 U.S. presidential election.
In 2018, a U.S. grand jury indicted the Internet Research Agency, its owner, oligarch Yevgeny Prigozhin, and two other firms controlled by Prigozhin as part of the investigation into Russian meddling in the 2016 election that is being conducted by Special Counsel Robert Mueller. U.S. intelligence agencies believe the Internet Research Agency takes direction from Russian security agencies.
According to The Washington Post, the disruption in Internet access was carried out on Election Day in November 2018 and for a few days afterward as votes were being counted to keep the Internet Research Agency from spreading disinformation aimed at undermining the election results.
The operation was carried out under Cyber Command’s strategy of “persistent engagement” that was issued last April and a presidential order from August that authorized the agency to conduct offensive operations that do not cause death or significant damage.
In late 2018, Cyber Command sent troops to Montenegro, Macedonia, and Ukraine to provide cybersecurity assistance and collect samples of malware believed to have been generated by Russian military intelligence, the GRU.
“The calculus for us here was that you’re just pushing back in the same way that the adversary has for years,” an unidentified U.S. defense official told The Washington Post. “It’s not escalatory. In fact, we’re finally in the game.”
In October 2018, The New York Times reported that Cyber Command was targeting individual Russian agents with direct messages telling them that they had been identified and were being monitored.
Cyber Command was founded in 2009 and it shares a headquarters and leadership with the National Security Agency.