Posted on November 28, 2021 at 8:18 PM
Hackers using Tardigrade malware to attack biomanufacturing companies
Cyberattacks have been on the rise recently as vulnerabilities in a wide range of software keep surfacing. Recently, an Advanced Persistent Threat (APT) attack was conducted against two biomanufacturing companies.
The attack in question happened in 2021 and was carried out through a malware loader known as Tardigrade. The details of this malware and its detection at the two biomanufacturing companies were published by the Bioeconomy Information Sharing and Analysis Center (BIO-ISAC) in an advisory released this week.
Malware is spreading across the sector
The detection of the malware was not the only worrying finding, according to the researchers. The available data showed that the malware was spreading quickly across the sector. Moreover, it comes with advanced capabilities that can significantly disrupt the operations of the affected companies.
The researchers stated that as this malware spreads across the sector, its objective is to steal intellectual property. In addition, it is persistent: it can remain on compromised systems for a long period. The attackers’ motive can also extend to ransomware, given the extent and sensitivity of the data they are able to steal.
BIO-ISAC conducted its investigation during the spring of this year, after a ransomware attack targeting a biomanufacturing company. However, the name of the affected company was not revealed.
The results of the investigation showed that the malware behind this attack was known as Tardigrade. The malware is sophisticated because it allows the attackers to conceal their activity and steal data from the affected companies without being detected.
In the report, the BIO-ISAC researchers stated that this malware came with a “high degree of autonomy as well as metamorphic capabilities.” The malware has also been used persistently against different companies: in October 2021, the same malware was detected at another biomanufacturing company.
The ability of this malware to stealthily steal information from company systems and to be reused against different companies has created a worrisome situation. Biomanufacturing companies must be on the lookout and adopt advanced cybersecurity measures that will stop Tardigrade from spreading across the sector.
Tardigrade malware not linked to any nation or hacking group
Attacks on biomanufacturing companies and large global institutions are mostly carried out by state-sponsored threat actors seeking to steal intellectual property and gain access to information.
However, the Tardigrade malware has not been associated with any known threat actor in the recent cases. Despite the malware’s active spread and advanced capabilities, the threat actors have not left any substantial evidence that would let researchers link them to any nation.
However, the agency has stated that several features of the recent malware attacks show a working model and mode of attack similar to those attributed to a hacking group based in Russia.
As mentioned several times, Tardigrade is one of the most advanced malware families to be detected. The malware compromises an institution’s servers when a network user opens a phishing email. It can also be spread through an infected USB device.
Tardigrade is also an advanced offshoot of SmokeLoader, a backdoor for Windows devices used by a threat actor group known as Smoky Spider. The backdoor is one of the oldest malware families on the market, having been available for sale on the dark web since 2011.
In its initial form, this malware was able to capture keystrokes. It also found ways to move across the entire compromised network and escalate its privileges on the systems.
Another feature of this malware is that it can be used as an entry point for other malware payloads. In this case, it has evolved so that it can operate independently even when it cannot reach its command-and-control server. As such, it can continue running malicious activities on the network indefinitely.
Given the ability of this malware to spread across the sector and to be used for stealing intellectual property, companies operating in the biomanufacturing sector are advised to ensure their systems are up to date and that any system vulnerabilities are patched.
Moreover, these companies have also been advised to enforce network segmentation and to test offline backups of their critical infrastructure to mitigate the risks.
“This malware is extremely difficult to detect due to metamorphic behaviour. Vigilance on key personnel corporate computers is important. Many machines in this sector use outdated operating systems. Segment them off aggressively and accelerate upgrade timelines,” the researchers stated.
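The advice above boils down to three checks a defender can run against an asset inventory: is the host on an operating system that is no longer supported, is it overdue for patching, and if it is unsupported, does it still sit on a shared corporate segment rather than an isolated one. The following script is an added example written for this article; it is not BIO-ISAC's code or tooling. The end-of-support dates are an assumed lookup table (vendor lifecycle dates for a few Windows releases, included as illustrative data), and the hostnames, segments and patch dates are constructed sample inventory.

```python
"""Flag inventory hosts that need patching or aggressive segmentation.

Added example for the mitigation advice in the article (patch, segment
outdated machines, accelerate upgrades). Not code from BIO-ISAC.
"""
from __future__ import annotations

from dataclasses import dataclass
from datetime import date

# Assumed end-of-support table: illustrative vendor lifecycle dates.
# None means the release was still supported at the time of the article.
END_OF_SUPPORT: dict[str, date | None] = {
    "Windows XP": date(2014, 4, 8),
    "Windows 7": date(2020, 1, 14),
    "Windows Server 2008 R2": date(2020, 1, 14),
    "Windows 10": None,
}

ISOLATED_SEGMENT = "isolated-ot"   # assumed name of the quarantined OT segment


@dataclass(frozen=True)
class Host:
    name: str
    os: str
    last_patched: date
    segment: str   # network segment the host currently sits in


def assess_host(host: Host, today: date, max_patch_age_days: int = 30) -> list[str]:
    """Return the findings for one host, in a fixed order."""
    findings: list[str] = []

    # 1. Unsupported OS: no vendor patches, so vulnerabilities stay open.
    eol = END_OF_SUPPORT.get(host.os)
    if eol is not None and eol <= today:
        findings.append("unsupported-os")

    # 2. Patch currency: anything older than the policy window is overdue.
    if (today - host.last_patched).days > max_patch_age_days:
        findings.append("patch-overdue")

    # 3. An unsupported OS that still shares the corporate network should be
    #    moved into the isolated segment until it can be upgraded.
    if "unsupported-os" in findings and host.segment != ISOLATED_SEGMENT:
        findings.append("move-to-isolated-segment")

    return findings


def audit(hosts: list[Host], today: date, max_patch_age_days: int = 30) -> dict[str, list[str]]:
    """Map each hostname to its findings; an empty list means the host is clean."""
    return {h.name: assess_host(h, today, max_patch_age_days) for h in hosts}


# Constructed sample inventory (hostnames, segments and dates are made up).
SAMPLE_HOSTS = [
    Host("bioreactor-hmi-01", "Windows 7", date(2019, 11, 2), "corp"),
    Host("lims-db-01", "Windows Server 2008 R2", date(2021, 9, 1), ISOLATED_SEGMENT),
    Host("exec-laptop-07", "Windows 10", date(2021, 10, 15), "corp"),
    Host("finance-ws-12", "Windows 10", date(2021, 11, 20), "corp"),
]

if __name__ == "__main__":
    for name, findings in audit(SAMPLE_HOSTS, date(2021, 11, 28)).items():
        print(f"{name}: {', '.join(findings) if findings else 'ok'}")
```

Run as-is to see the sample report; in practice the inventory would be loaded from a CMDB or endpoint agent export, and `max_patch_age_days` set to the organisation's patch policy. The ordering of the findings is deliberate: a host that is both unsupported and on the shared segment is the one to isolate first, since it cannot be brought current by patching alone.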