Photo By Alun Thomas | From left to right, the 91st Training Division cyber injects team at Mojave Falcon 25,...... read more read more
Subscribe
FORT HUNTER LIGGETT, Calif. – The existential threat of cyber warfare is a constant pressure point for the modern Army and one that must be monitored, constantly.
This threat has been a feature of Mojave Falcon 25, with the injection of cyber scenarios intended to disrupt networks and communications, forcing users to react decisively to negate the cyber-attacks.
Spearheading these cyber injects is Maj. Alia Ouali, cyber assessment observer controller/trainer, 91st Training Division, who’s primary role during Mojave Falcon is to observe units receiving cyber inject threats and how they react to them.
“When the cyber injects come down I observe them, but I’m also there to train units on them,” Ouali said. “Before Mojave Falcon kicked off, I made sure all the communication and intel sections knew the processes and drills. I spent a week training them on what a cyber-attack looks like.”
Ouali said one of the main cyber attacks in the exercise came from an insider threat, consisted of scenarios like improper use of thumb drives or hacking into machines remotely.
“Once the network is up and running, the hacker can do anything remotely if the machines are on the network,” Ouali said. “The reserve training units responded perfectly to the first cyber inject, to the dot.”
How they were trained, they responded, Ouali continued, which is the results they wanted.
“They isolated the machines, went through the drills, did everything they were supposed to,” she said. “My cyber officer injected it, I observed it, the units reacted, and the loop was closed when they submitted the cyber incident report to the cyber officer.”
The inclusion of cyber threats into exercises like Mojave Falcon is essential, given the danger and prevalence of such attacks, Ouali said.
“Cyber attackers can get into machines simply via the network, and it only takes someone from the inside,” Ouali explained. “They may not need that – they have their own methods of gaining access and we’re replicating this in a safe and secure manner.”
Helping create the code for the injects was Capt. Stefan Stephenson-Moe, cyber officer, 91st TD, who said his goal was to emulate a hacker group to wreak havoc on the systems of those at the exercise.
"Most of my code was written in powershell and C# since it runs natively on Windows and requires no tools to be installed," Stephenson-Moe said. "I was attempting to emulate a hacker for hire group that was paid by the OPFOR (opposing force) to disrupt US operations in the exercise. Emulating a criminal organization is different than an advanced persistent threat (APT) because unlike an APT you're not trying to be stealthy and steal data, you're being noisy and intentionally disruptive."
Stephenson-Moe spammed the users computers to try and crash their systems with intricate details that made the injects a challenge to defeat.
"Some of my injects included changing the keyboard language so reserve units couldn't type anything, screen popups that couldn't be removed even with Ctrl+Alt+Delete, and spamming the user with message boxes to crash their computer," he explained. "My main objective was to make sure the training units knew that what I was doing to their computer was due to a malicious hacker disrupting their processes and not network issues, or a bug in Windows."
Overall, Stephenson-Moe was happy with the efforts of the reserve units affected by his injects.
"Our main goal was to evaluate the units cyber response and reporting process as well as their initial triage," Stephenson-Moe said. "To my pleasant surprise some of the units performed quite well, one unit even managed to catch my name in one of the logs and that I used PSExec to deploy my inject."
"I believe this exercise improved on previous iterations, as it's one thing to be handed a white card saying a hacker has disabled your keyboard, and another to be unable to type because your input language changed for no apparent reason," he added.
Ouali said if units continue to practice averting cyber threats, it helps them remain vigilant when the real threat arrives – and Mojave Falcon has provided them the platform to do just that
| Date Taken: | 06.08.2025 |
| Date Posted: | 06.08.2025 16:32 |
| Story ID: | 500011 |
| Location: | FORT HUNTER LIGGETT, CALIFORNIA, US |
| Web Views: | 434 |
| Downloads: | 1 |
This work, Cyber threat injects a key element of Mojave Falcon 25, by Alun Thomas, identified by DVIDS, must comply with the restrictions shown on https://www.dvidshub.net/about/copyright.
No keywords found.
