In an environment of heightened threats and digital volatility, government agencies and public sector entities need to meet the now inevitable wave of cyberattacks well-prepared. There can be no room for the element of surprise. And nothing readies teams, strategies, and solutions like comprehensively stress-testing your security defenses with a simulated real-world attack. 

Government and public-sector entities cannot afford to be sitting ducks, waiting on the defensive for attacks comprising ever-more-sophisticated exploits. They must engage in offensive security tactics to proactively identify potential weaknesses and attack paths before adversaries try to exploit them. 

Critical Infrastructure Attacks as cited by the House Committee on Homeland Security.

Red teaming, which emulates advanced adversarial methods in real time, readies security teams’ collective nervous system by using the same tactics, techniques, and procedures (TTPs) as today’s most sophisticated threat actors. Red teaming tools, like Fortra’s Cobalt Strike, empower public sector and government red teams to conduct these simulations efficiently and effectively.

Cyberattacks Targeting Government and Public Sector

The Center for Strategic & International Studies lists many cyberattacks on military services, critical infrastructure, and government agencies that occurred between 2006 and present day. Those include:

  • Ukrainian Draft | Attempts to undermine the Ukrainian military draft by Russian cybercriminals leveraging information-stealing malware in October 2024.
  • Military Contracts | Nation-state actors compromised military contracts from South Africa’s Department of Defense in September 2023.
  • Reconnaissance Systems | In August 2003, Chinese hackers targeted a US military procurement system for reconnaissance to establish covert proxy networks.

The list goes on. As military systems stand on the frontlines of international cyberwarfare, they should be constantly battle-tested to ensure that their defenses remain strong enough to combat frequent and powerful attacks from some of the world’s most advanced cybercriminal organizations.

Public sector utilities, such as those involved in critical infrastructure, are prime targets for both domestic and foreign powers looking to undermine societies and create civil unrest.

One recent example: an Iranian-linked hacking group known as the “Cyber Av3ngers” attacked a Pennsylvanian municipal water plant by targeting a programmable logic controller (PLC). PLCs control everything from water pressure to chemical levels in US water facilities.

Other incidents were called out by the US Cyber Threat Intelligence Integration Center, which noted that “Iran-affiliated and pro-Russia cyber actors gained access to and in some cases have manipulated critical US industrial control systems (ICS) in the food and agriculture, healthcare, and water and wastewater sectors in late 2023 and 2024.” This is an ongoing problem, with “outdated software, poor password security, the use of default credentials, and limited resources for system updates render[ing] ICS devices vulnerable to compromise.”

According to the Center, other attacks during this time have affected utilities such as energy and telecommunications, along with other critical entities like agriculture, private-sector manufacturing, and education.

In September 2024, cybersecurity firm Huntress discovered a brute-force attack against users of Foundation Software, a solution serving over 40,000 construction pros across the US. Affected subcontractors included HVAC, concrete, and plumbing companies.

According to the IBM 2024 Cost of a Data Breach Report, “The industrial sector experienced the costliest increase of any industry, rising by an average of USD $830,000 per breach over last year.” According to SecurityHQ’s Construction Threat Landscape Report 2024, since the start of the year, the Construction & Building Materials Sector has been the target of at least:

  • 161 ransomware attacks
  • 20 hacktivist attacks

Suppliers are widely exploited victims in construction-based cyberattacks, and increasingly, security measures must take into account the software supply chain as well. As the Report notes: “Along with the physical delivery of materials, machinery, and labor, there is also the exchange of digital information, such as designs and specifications,” within modern construction supply chains.

Even government technology is not impervious to attack. For example, vulnerabilities were found in the US government’s voting machines. Every year, hackers at the DEF CON “Voting Village” hacking event find weaknesses of this sort, but there is typically not enough time to patch them before the next election day. This year was no different. Voting Village co-founder Harri Hursti explained, “If you don’t think this kind of place is running 24/7 in China, Russia, you’re kidding yourselves. We are here only for two and a half days, and we find stuff…it would be stupid to assume that the adversaries don’t have absolute access to everything.”

Red Teaming and Penetration Testing

Just as government-focused criminal hacking efforts are likely running around the clock, security teams defending critical government and public sector assets need to perpetually put their cybersecurity defenses to the test. It is important to note that both penetration testing and red team engagements are needed here.

  

Government-funded cybersecurity training is one way to upskill your current staff in ethical hacking, malware analysis, and more. Analysts with some background in these areas will be more familiar with the principles and practices underlying vendor-made red team tools and can help their agencies get a running head start. The Federal Virtual Training Environment (FedVTE), a free government cybersecurity training resource, has transitioned to CISA Learning and can serve as a foundation for future red teams and blue teams alike.  

Why Cobalt Strike?

Fortra’s Cobalt Strike is leveraged by red teams industry-wide to launch realistic simulated attacks, establishing persistence and capturing information using the same tactics, techniques, and procedures as today’s advanced adversaries.  

Cobalt Strike Capabilities 

Using covert channels and powerful post-exploitation agents, Cobalt Strike can imitate an embedded actor within your network. Malleable C2 profiles let operators reshape Beacon’s network indicators to emulate different malware families, which keeps defensive teams on their toes and makes the traffic difficult to detect or to block with traditional, signature-based firewall defenses.

Bundled with Outflank Security Tooling, Fortra’s red teaming can help government agencies and public sector entities “simulate similar techniques to what some APTs and Organized Crime Groups apply but are not available in public tools.”

Cobalt Strike Features 

  1. Arsenal Kit: Customizable tools that users can modify to better emulate real-world techniques, such as custom reflective loaders and an LLVM mutator to break in-memory YARA scanning of the sleep mask.
  2. Covert Communication: Malleable C2 profiles, peer-to-peer connections via TCP or SMB, and the ability to egress networks using HTTP, HTTPS, and DNS.
  3. Post-Exploitation: Beacon, Cobalt Strike’s signature payload, gathers information, deploys additional payloads, executes arbitrary commands, and more, just like a real attacker would.
  4. Payload Generation: Users can customize payloads through Cobalt Strike to best meet their specific needs.

This list is just the beginning. Additional Cobalt Strike features include interoperability with Fortra’s penetration testing tool Core Impact and with Outflank, compatibility with personalized tools and techniques, collaboration with fellow red teamers via team servers, timeline reports, and more.

Blue Team Benefits  

Every red team engagement not only helps identify security gaps and shore up defenses but expressly benefits the blue teams tasked with defending government entities and the data they protect. By safely testing with red team attacks in real time, blue teams can better analyze potential attack paths and techniques, build bespoke mitigation measures, and implement better-suited monitoring and detection mechanisms so that those techniques will not work again.

In the real world, these improvements are hard-won and typically only come at the back end of a very costly attack. Thanks to red teaming, teams can benefit from this invaluable knowledge without paying the price of a data breach for it.

Learn More About Cobalt Strike

Want to learn more? Dive into Fortra’s Cobalt Strike, one of the first public red team command and control (C2) frameworks, in this in-depth on-demand demo. Or request a live demo of Cobalt Strike for a more hands-on experience you can test with your team. And don’t forget to check out our Red Team Bundle to see what Cobalt Strike can do when combined with our curated set of offensive security tools, Outflank Security Tooling (OST).

Be prepared with Cobalt Strike. 

Red teaming can uniquely prepare government organizations by leveraging all methods of attack available to threat actors: from spear phishing executives to pretexting, phishing campaigns, AI-generated voice calls, hidden ransomware links, and more. However, public sector red teaming requires proper tools.

Fortra’s Cobalt Strike, a sophisticated threat emulation tool, can be utilized by security teams of any maturity level to perform their own red team engagements and adversary simulations. It not only tests internal defenses but informs blue teams of security issues, so they are better prepared.