Tardigrade Malware Targets Biomanufacturing Firms
Issue: 30 November 2021
Editor: Dan McCarthy
Editor in Chief: Amery Smock
Date: 11/22/2021
Analysis
The Bioeconomy Information Sharing and Analysis Center (BIO-ISAC) released an advisory concerning an advanced persistent threat (APT) specifically targeting bioeconomy companies and the biomanufacturing sector [1]. BioBright researchers identified the malware, nicknamed Tardigrade, after a ransomware attack locked computers across a biomanufacturing facility in the spring [2]. Tardigrade is highly customizable, adapts to the environment it infects, and can act autonomously if cut off from the attacker’s command-and-control server. The malware is delivered primarily via phishing emails and infected USB drives [3]. Suspected motivations for attacks include intellectual property theft, persistence, and ransomware preparation.
We recommend scanning networks for indicators of compromise identified by BIO-ISAC. In addition, companies should review their biomanufacturing network to verify proper segmentation between corporate, guest, and operational networks. Companies should also test and perform offline backups for critical biological infrastructure, including ladder logic for biomanufacturing instrumentation, SCADA and historian configurations, and the batch record system.
Sources
[1] BIO-ISAC Tardigrade Disclosure https://www.isac.bio/post/tardigrade
[2] Wired Tardigrade Article https://www.wired.com/story/tardigrade-malware-biomanufacturing/
[3] Claroty Tardigrade Summary https://claroty.com/2021/11/24/blog-research-what-you-should-know-about-the-tardigrade-biomanufacturing-malware-attacks/
Analyst