Tardigrade Malware Used in Attacks Against Vaccine Manufacturers

In a recent formal advisory to all biomanufacturers, the Bioeconomy Information Sharing and Analysis Center (BIO-ISAC) reported attacks carried out during 2021 that targeted "vaccine manufacturing infrastructure".

The attacks are attributed to an advanced persistent threat (APT) actor. According to BIO-ISAC, the malware used in the attacks against vaccine manufacturing entities was particularly advanced. The threat has been dubbed "Tardigrade", after the spectacularly resilient tiny animals.

Investigation into the attacks has shown that the Tardigrade malware has surprising capabilities, including the ability to adapt to a changing environment, hide its tracks well, and, most importantly, operate on its own, without receiving any input from its command and control servers.

When the first attack was being monitored back in April of 2021, the researchers found it was aimed at an unnamed "large biomanufacturing facility". The same malware was later used in a second attack against a biotech entity in October.

This is not the first cyber incident related in some way to Covid-19 vaccine production and the effort to rein in the pandemic in general. When reporting on the incidents and the BIO-ISAC advisory, Threatpost highlighted the recent cyber attack against the Indian company producing Russia's Sputnik vaccine as just one example.

The Tardigrade malware shares some common features and behaviors with the SmokeLoader backdoor but is much more autonomous and capable of lateral movement without manual input coming from the command and control servers, which is indeed impressive.

Even though it was thought that Tardigrade was Cobalt Strike in a fresh coat of paint, several sources confirmed that the malware was indeed a different beast, having more in common with SmokeLoader than Cobalt Strike.

Every company working in biotech and especially working on Covid-19 related products and vaccines should "assume that they are targets", according to the advisory released by BIO-ISAC.

November 30, 2021
