An advanced persistent threat has been linked to cyberattacks on two biomanufacturing enterprises that took place this year, both involving a customized malware launcher termed “Tardigrade.” According to a report released this week by the Bioeconomy Information Sharing and Analysis Center (BIO-ISAC), the malware is actively spreading throughout the industry with the intent of stealing data, maintaining persistence for extended periods, and infecting systems with ransomware.
Tardigrade is a complex piece of malware with “a high level of independence as well as metamorphic skills,” and is controlled by a group known as Smoky Spider, according to BIO-ISAC, which began an investigation after a ransomware attack hit an undisclosed biomanufacturing plant earlier this spring.
In October 2021, the same malware launcher was leveraged to attack another organization. Thanks to its metamorphic characteristics, this malware is exceptionally hard to identify. The “aggressively expanding” attacks have not been connected to a particular cybercriminal or country; however, the NSA warned that the attempts mimicked earlier cyberattacks by a Russian-affiliated hacker gang.
Furthermore, the malware serves as a gateway for other malware payloads and is designed to run independently, even when disconnected from its command-and-control server, in order to carry out its harmful actions.
To counter these threats, the security analysts advise biomanufacturing companies to install software upgrades, impose network segmentation, and check offline backups of important biological infrastructure.