• Skip to primary navigation
  • Skip to main content
  • Skip to footer
Logo of Agilient Security Consultants, Australia

Agilient Security Consultants Australia

Cybersecurity & Risk Management Specialists

Menu
  • Home
  • Industries
      • Aviation
      • Defence & Defence Industry
      • Government
      • Health & Hospitals
      • Corrections and Detention
      • Maritime
      • Aged Care Facilities
      • Mining, Oil & Gas
      • Public Venues & Events
      • Rail
      • Research and Education Industry
      • Telecommunications
      • Utilities
    • advice-colleagues-communication-newIndustries
  • Services
      • Cybersecurity
      • Protective Security
      • Business Resilience
      • Building Security Consultants
      • Security Audits
      • Pandemic Planning
      • Electronic Security
      • IT Disaster Recovery Plan
      • Security Consultants
      • CCTV and Security Cameras
      • Duress Alarms
      • Security Risk Assessment Consultants
      • Managed Security Service Provider
      • Protection against Vehicles as a Weapon
    • training-1Services
  • Solutions
    • banner-menuUnisys Solutions
    • CTO-Blog-110619-Header-GraphicLookingGlass Solutions
    • menu-bg-2Dell Technologies (RSA) Solutions
    • Sightline-Visualization-menuSightline Solutions
  • Resources
    • menumanagers-dealing-customer-agreTraining
    • working-together-newJoin The Tribe
    • Webinars_3-1.jpgUpcoming and Past Events
    • hacking-detected-shutterstock_newResources
  • Articles
  • About
    • About Us
      We are an Australian owned and operated security company specialising in risk, cybersecurity, protective security, crisis and business continuity management services.
    • frequently-asked-questions-smallFAQ’s
    • bg-menu-government-institutionsConsultant Registration
  • Contact Us
Contact Us

FireEye Penetration Testing Tool Theft A Warning

You are here: Home / General / FireEye Penetration Testing Tool Theft A Warning

In December 2020 the cybersecurity company FireEye publicly stated that a data breach had occurred within their organization, and that the theft of its Red Team tools (Penetration Testing toolkits) were due to a sophisticated threat actor. This may be a state-sponsored actor, as they possessed high capabilities in discipline, operational security and techniques. The attackers were identified as the hacking arm of the Russian SVR foreign intelligence team known as Cozy Bear.

What was Cozy Bear sniffing for?

According to FireEye, the tools that were stolen were mostly network reconnaissance and penetration testing toolkits like Metasploit. However, FireEye assured its clients and the public that these toolkits contained no zero-day vulnerabilities that can be exploited in the future. Furthermore, FireEye has deployed IOC (Indicators of Compromise), detection rules and signatures along with several CVE identifiers for its clients, to help mitigate future attacks from their tools.

FireEye is not underestimating this attack, as they suspect that Cozy Bear may be testing certain techniques or potentially trying to understand FireEye’s client security infrastructure. The endgame of Cozy Bear seems to be bigger than just stealing a bunch of pen-testing toolkits, but that theory has yet to be confirmed.

Aftermath of the breach

On a positive note, this could give Cyber Defensive teams in an organization the ability to come up with new creative tactics to defend against FireEye’s tools, while also creating strategies that deal with enhancements and customization to these tools by other threat actors. Perhaps the biggest lesson from this breach is that nothing is completely secure. A threat actor with the motivation, time and resources will eventually break into a secure system. However, kudos should be given to FireEye for their immediate response and handling of the situation.

For help in building a more secure system and environment, contact us at Agilient for the latest cybersecurity assistance.

Author: Saeed Baayoun, Agilient Consultant

Tweet
Share

General breach,  Cozy Bear,  cybersecurity,  data breach,  FireEye,  hacking,  system security,  threat actor,  WannaCry

Looking for a security partner? Get in touch with Agilient.

Looking for practical and cost-effective security and risk solutions for your government department, agency or company? Speak with Australia’s leading senior security, risk and resilience experts.


Looking for a pandemic planning partner? Get in touch with Agilient.

Looking for practical and cost-effective risk management solutions for your government department, agency or company? Speak with Australia’s leading senior risk and emergency management experts.



Footer

Agilient is a proud member of

Ai Group Defence Council
Australian Industry & Defence Network
Australian Security Industry Association
Sydney Aerospace & Defence Interest Group

Company and Licensing Details:

ABN: 37 157 911 441
NSW Security Master Licence # 410783087
ACT Security Master Licence # 17502184
Vic Security Registration # 878-460-40S
Qld Security Firm Licence # 3834422

Join The Tribe

Sign up to receive our regular Agilient newsletter including the latest security, risk and resilience updates

Sign up now

Copyright © 2022 Agilient – Level 14, 275 Alfred St, North Sydney NSW 2060 Australia – 1300 341 692