Security researchers are warning biomanufacturing facilities around the world that they are being targeted by a sophisticated new strain of malware, known as Tardigrade.

The warning comes from the non-profit Bioeconomy Information Sharing and Analysis Center (BIO-ISAC), which revealed that at least two large facilities working on manufacturing bio-drugs and vaccines have been hit by the same malware this year, in what appear to be targeted attacks.

Charles Fracchia, founder of BioBright and a BIO-ISAC board member, says that Tardigrade is an APT targeting Windows computers in the bioeconomy and biomanufacturing sector “using tools of unprecedented sophistication and stealth.”


At first Tardigrade might be mistaken for a (sadly all-too-common) ransomware attack, but what makes it different is its sophistication and autonomy. And – unlike ransomware – if Tardigrade makes any attempts to extort money from its victims they appear to be half-hearted, with much more interest shown in exfiltrating data and spying on its victims.

Security researchers claim that Tardigrade appears to be a variant of the SmokeLoader malware family, but is far more autonomous: it can decide for itself which files to select for modification, move laterally throughout an organisation, and take other actions such as infecting USB drives, rather than relying upon a command-and-control centre.

Fracchia told Wired that Tardigrade took things to a new level:

“This almost certainly started with espionage, but it has hit on everything — disruption, destruction, espionage, all of the above. It’s by far the most sophisticated malware we’ve seen in this space. This is eerily similar to other attacks and campaigns by nation state APTs targeting other industries.”

Attacks against pharmaceutical companies and the bioeconomy have happened around the world during the pandemic, as malicious attackers have found the sector to be poorly defended compared to its heightened