
An advanced persistent threat has been linked to cyberattacks on two biomanufacturing companies that occurred this year with the help of a custom malware loader called "Tardigrade."
That's according to an advisory published this week by the Bioeconomy Information Sharing and Analysis Center (BIO-ISAC), which noted that the malware is actively spreading across the sector with the likely goals of stealing intellectual property, maintaining persistence for extended periods, and infecting systems with ransomware.
BIO-ISAC, which commenced an investigation following a ransomware attack targeting an unnamed biomanufacturing facility earlier this spring, characterized Tardigrade as a sophisticated piece of malware with "a high degree of autonomy as well as metamorphic capabilities." The same malware was then used to strike a second entity in October 2021.
Spread via phishing emails or infected USB drives, Tardigrade is an advanced offshoot of SmokeLoader, a Windows-based backdoor operated by a group known as Smoky Spider and sold on underground markets since 2011. Tardigrade extends it with the ability to capture keystrokes, move laterally across the compromised network, and escalate privileges.
What's more, the malware acts as an entry point for additional payloads and is engineered to keep carrying out its activities autonomously even when cut off from its command-and-control server.
"This malware is extremely difficult to detect due to metamorphic behavior. Vigilance on key personnel corporate computers is important," the researchers said, adding, "Many machines in the sector use outdated operating systems. Segment them off aggressively and accelerate upgrade timelines."
News URL: https://thehackernews.com/2021/11/hackers-targeting-biomanufacturing.html