
Shape-Shifting ‘Tardigrade’ Malware Hits Vaccine Makers
2021-11-29 16:37

An APT has attacked two separate vaccine manufacturers this year using shape-shifting malware that appears at first to be a ransomware attack but later proves to be far more sophisticated, researchers have found.

Dubbed Tardigrade by the Bioeconomy Information Sharing and Analysis Center, the attacks used malware that can adapt to its environment, conceal itself, and even operate autonomously when cut off from its command-and-control server, according to a recent advisory released by BIO-ISAC. The first attack was detected at a "large biomanufacturing facility" in April, with investigators identifying a malware loader "that demonstrated a high degree of autonomy as well as metamorphic capabilities," according to the advisory.

According to BioBright, a biomedical and cybersecurity firm and BIO-ISAC member, researchers determined that the malware used in the Tardigrade attacks is a variant of the SmokeLoader family with metamorphic capabilities.

While previous SmokeLoader versions that researchers have seen were externally directed by C2 infrastructure, the variant used in the Tardigrade attacks "is far more autonomous" and can direct its own lateral movement, according to BIO-ISAC. The malware also can elevate its privilege to the highest level immediately by impersonating a client technique, according to the advisory.

"These manufacturers have to be able to detect malware such as Tardigrade and remediate before it does significant harm."

Though there isn't direct evidence to prove that the Tardigrade attacks were specifically targeted against the vaccine effort, their complexity and sophistication show that hyper-vigilance against any type of attack is needed in the sector, noted another security professional.


News URL

https://threatpost.com/shape-shifting-tardigrade-malware-hits-vaccine-makers/176601/