A previously unknown hacking group is claimed to be actively targeting biomanufacturing facilities in the U.S. using a new form of malware dubbed “Tardigrade.”
The claim was made this week by the Bioeconomy Information Sharing and Analysis Center (BIO-ISAC). The first alleged attack using Tardigrade is said to have occurred in spring 2021, with a second attack in October.
BIO-ISAC describes the malware as having advanced characteristics and suggests that it’s the work of an advanced persistent threat (APT) group. Not surprisingly, it also suggests that the APT is likely a nation-state intelligence service.
Espionage is the main aim of Tardigrade, but the malware also causes other issues including network outages.
According to Wired, the attacks may be linked to COVID-19 research. Tardigrade’s functionality includes a Trojan, a keylogger and data theft, and it also establishes a backdoor into targeted systems.
There is some contention, however, as to the origins of the code behind Tardigrade. While BIO-ISAC suggests that it’s based on SmokeLoader, Bleeping Computer reported today that some security researchers claim that Tardigrade is a form of Cobalt Strike HTTP beacon and nothing remarkably new.
“The biomanufacturing industry along with other verticals are so far behind in cybersecurity, making them a prime target for bad actors,” George Gerchow, chief security officer of machine data analytics company Sumo Logic Inc., told SiliconANGLE. “Cyberattacks mostly happen to those that provide easy access or least path of resistance.”
“This is a blatant example of how attackers are focusing on human health during a time of high anxiety, and bioscience is an easy target,” Gerchow explained. “The industry is going to have to move quickly to put proper cybersecurity controls in place. It is going to be a huge mountain for them to climb as some of the companies in the industry have antiquated technology, lack the proper skill sets, and rely too much on legacy security tools.”
Saryu Nayyar, chief executive officer of security information and event management company Gurucul Solutions Pvt. Ltd., noted that “it’s almost lost in the shuffle as vaccine manufacturers race to develop and certify coronavirus vaccines and boosters, but these enterprises are also being hit with malware attacks designed to cripple manufacturing systems, steal intellectual property and install ransomware.”
Tardigrade, Nayyar added, “turns out to be highly sophisticated, adapting to its environment, escalating privileges and able to make decisions without a command and control server.”