The military branch is reportedly taking advantage of measures in a 2018 defense authorization bill permitting secret online campaigns to "deter, safeguard or defend against" cyberattacks without requiring explicit presidential approval. President Trump, who claimed that Russia had stopped cyberattacks, isn't believed to have been briefed on the malware plants.
Officials have declined to comment on the report, but national security advisor John Bolton said just this week that the US was expanding its potential online targets to warn Russia and others of the potential for retaliation.
The approach could draw mixed reactions. While the US has been accused of going soft on Russia while it plants offensive malware in American infrastructure, there are concerns that this could lead to further digital aggression from Russia, such as using that malware for cyberattacks or making further attempts at election interference. The US is effectively betting that this creates a stalemate, rather than exacerbating an already tense situation.