Our friends at the National Defense Transportation Association (NDTA) shared a PowerPoint from the BIO-ISAC that explains recent cyber-attacks on bio-manufacturing research and development companies. A serious APT attack has been identified in the biomanufacturing sector. It was found within a pharmaceutical company that is involved in COVID-19 therapeutics, as well as another pharmaceutical company.

The APT is named Tardigrade and was publicly announced on 22 November 2021. As with any new APT, it is not currently detectable by antivirus software and was only found by manual inspection and anomaly detection within the company networks.

Tardigrade is a sophisticated loader that has autonomous capabilities to alter its code as it moves throughout the network to avoid detection. It is suspected but unconfirmed that a state actor is behind it. The payload has not been found, but the actor appears to want persistence and control of the network. The actor has targeted very specific servers across the various networks (lab, manufacturing, corporate) and is likely extracting information such as intellectual property (IP) or manufacturing protocols, and possibly even manipulating code and systems.

Companies are encouraged to manually inspect their networks for the presence of this APT. The threat notification published on 22 November 2021 by the Bio-ISAC contains valuable information on what to look for and several recommended actions for biomanufacturers. See the attached PowerPoint: BIO-ISAC-Tardigrade.pdf

Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization.  For questions, comments or assistance, please contact the office directly at 1-844-492-7225, or feedback@wapacklabs.com     

Weekly Cyber Intelligence Briefings:

REDSHORTS - Weekly Cyber Intelligence Briefings

