Reportedly, a new malware, identified as “Tardigrade,” is actively targeting the biomanufacturing sector. The threat actors purportedly use this malware to steal data and wage ransomware attacks.
Tardigrade Malware Campaigns
According to a recent advisory from the Bioeconomy Information Sharing and Analysis Center (BIO-ISAC), a new malware is active in the wild in targeted campaigns. Identified as “Tardigrade”, this malware specifically aims at biomanufacturing companies, as evident from its two different attacks this year.
Specifically, the first Tardigrade attack happened on a firm in “Spring 2021” followed by a second attack occurred in October. Given the back-to-back specified incidents, BIO-ISAC decided to quickly disclose this attack publicly for wider benefit. Alerting the relevant firms against this threat, the advisory reads,
At this time, biomanufacturing sites and their partners are encouraged to assume that they are targets and take necessary steps to review their cybersecurity and response postures.
Briefly, this new malware presumably belongs to the SmokeLoader malware family. However, it seems much more advanced as it can work independently of its C&C.
The malware may reach its target systems via phishing emails, physical infections, or infected emails and networks. After that, it immediately establishes persistence yet stealth existence on the target systems via privilege escalation.
Regarding the goals of this malware, BIO-ISAC’s disclosure reads,
-The main role of this malware is still to download, manipulate files, send main.dll library if possible, deploy other modules and remain hidden.
-Espionage, tunnel creation, carry a bigger payload.
Tardigrade seems a potent malware loader as it is compatible with multiple other malware types, such as Cobalt Strike, Ryuk, and Conti.
Technical details about this malware are available in the separate disclosure files at the BIO-ISAC website.
Recommendations For The Vulnerable
Given the severity of the threat and the ongoing activity, the researchers have made numerous recommendations for vulnerable industries. Briefly, these include
- Reviewing biomanufacturing network segmentation
- Involving experts to create ‘crown jewels” analysis of the firm
- Assessing offline backups for key bio-infrastructure
- Inquiring about lead times for the crucial biological infrastructure components
In short, strong vigilance is key to preventing this threat.
This malware is extremely difficult to detect due to metamorphic behavior. Vigilance on key personnel corporate computers is important.
Let us know your thoughts in the comments.