Biomanufacturing facilities in the US are being actively targeted by an unknown hacking group leveraging a new malware strain.
In a new threat advisory, the Bioeconomy Information Sharing and Analysis Center (BIO-ISAC) revealed that the first attack believed to be launched using this new malware dubbed “Tardigrade” occurred in the spring of this year. At that time, Tardigrade was used in a cyberattack on a large biomanufacturing facility though a second facility was hit using the same malware just last month.
According to BIO-ISAC, both biomanufacturing sites and their partners are “encouraged to assume that they are targets” and should take the necessary steps to review their security and response postures.
As reported by SiliconANGLE, Tardigrade is primarily used for espionage though the malware also causes other issues on the systems it infects including network outages.
In a separate report, Wired noted that these recent attacks may be linked to Covid-19 research as the pandemic has shown just how important biomanufacturing research is when developing vaccines and other medicines.
The origins of the code used in Tardigrade is also up for debate as BIO-ISAC believes the malware is based on Smoke Loader though security researchers that spoke with Bleeping Computer claim that it is a form of the Cobalt Strike HTTP beacon as opposed to an entirely new malware strain.
Due to Tardigrade's advanced characteristics, the malware could have been developed by an advanced threat detection group or even by a nation-state intelligence service.
Regardless of its origin, Tardigrade is quite dangerous and we'll likely find out more regarding this new malware as security researchers and even government agencies delve deeper into its code in an attempt to discover its true origins.