Thu 09 Jul 2026 / 12:51 ET
Kernel
Security 3 min read

NSA brings back Tailored Access Operations name for hacking unit

The agency reversed part of its 2016 NSA21 reshuffle, restoring a brand tied to its offensive cyber operations and earlier scandals.

Mara Chen-Doyle

By Mara Chen-Doyle / Staff Writer

NSA brings back Tailored Access Operations name for hacking unit
img: The Record

The National Security Agency has restored the Tailored Access Operations name for its premier offensive cyber unit, according to The Record, reversing part of an internal overhaul that had folded the group into a broader structure under the Office of Computer Network Operations.

The change matters inside Fort Meade because names in this corner of government are organizational wiring, not branding fluff. TAO has long referred to the NSA teams that build and run bespoke intrusion tools against foreign targets. The work includes software implants and other methods designed for networks that are difficult to reach through routine intelligence collection.

The Record reported that NSA Deputy Director Tim Kosiba, who previously served in TAO, led the latest reorganization. The move partly unwinds NSA21, a restructuring effort begun in 2016 that moved offensive operations and intelligence collection into larger directorates rather than keeping TAO as a standalone office.

A former NSA employee told The Record, on condition of anonymity, that NSA21 was not viewed as useful by some people inside the agency. The former employee said the agency had been moving developers and operators closer together before the restructure separated them, and said the renewed TAO label reflects nostalgia for a period seen internally as especially productive for operations.

Defense Secretary Pete Hegseth was briefed on the revised structure during a visit last week to Fort Meade, Maryland, home to both the NSA and U.S. Cyber Command. Hegseth later posted an image on X of a TAO hat he had signed.

Other former NSA personnel told The Record that putting operators and tool developers back together could make missions faster and encourage more experimentation, including as artificial intelligence changes how targets defend networks and how attackers look for gaps. The Record also reported that TAO is expected to move into its own building on the Fort Meade campus next month.

An NSA spokesperson told The Record that the restored name carries a strong identity and a record of mission results, and said the agency is using that history to support future work.

TAO’s public reputation is tangled with some of the best-known episodes in U.S. cyber operations. The unit helped develop Stuxnet, the malware used to damage Iran’s nuclear program, according to The Record.

The name also became widely known after the Shadow Brokers, an unidentified online group, advertised stolen NSA hacking tools roughly a decade ago. U.S. officials believed Russia and North Korea later used some of the exposed techniques in destructive attacks. One of the best-known cases was WannaCry in 2017, which used the EternalBlue exploit and spread across 150 countries, affecting 200,000 organizations, according to The Record.

The same period brought a separate criminal case against Harold Martin, a former NSA contractor who worked for Booz Allen Hamilton from 2012 to 2015 and spent time in TAO. Federal prosecutors charged Martin with keeping large amounts of classified material at his Maryland home. He was sentenced in 2019 to nine years in prison, though investigators did not find evidence that he passed the material to anyone else.

This story draws on original reporting from The Record.

More Security/

view all ↗