Tardigrade Targeting Bio-Manufacturing Facilities and Research Centers
Industry: Bio-manufacturing | Level: Strategic | Sources: BIO-ISAC & BleepingComputer
The Bioeconomy Information Sharing and Analysis Center (BIO-ISAC) issued an advisory on the hacking group Tardigrade. The group has been targeting bio-manufacturing facilities and research centers developing vaccines and critical medicine. In a specific compromise in Spring 2021, a large bio-manufacturing facility was impacted, and an investigation showed that "a malware loader was identified that demonstrated a high degree of autonomy as well as metamorphic capabilities." The same malware was identified in October 2021 at a second facility. Identified as a version of SmokeLoader, the malware is delivered through phishing or USB sticks. This variant is stealthy, as it can operate without a C2 connection. A review of attacks from Tardigrade throughout the year shows they involved various entities such as Düsseldorf University, Americold, Miltenyi Biotec, the European Medicines Agency (EMA), and Ireland's HSE. Given the variety of ransomware and payloads identified, it is likely the group partnered with different operations to provide initial network access.