Security Notice: APT Attack on Biomanufacturing Facilities
An APT attack has been identified in the biomanufacturing sector. This APT has been found within a pharmaceutical company that is involved in COVID-19 therapeutics, as well as another pharmaceutical company.
The APT is named Tardigrade and was publicly announced on Nov 22nd. As with any new APT, this is not currently detectable by antivirus software and was only found by manual inspection and anomaly detection within the company networks.
Tardigrade is a sophisticated loader that has autonomous capabilities to alter its code as it moves throughout the network to avoid detection. It is suspected but unconfirmed that a state actor is behind it. The payload has not been found, but it’s clear that the actor wants persistence and control of the network. They have targeted very specific servers across the various networks (lab, manufacturing, corporate) and are likely extracting information such as intellectual property (IP) or manufacturing protocols, and possibly even manipulating code and systems.
Companies are encouraged to manually inspect their networks for the presence of this APT. The threat notification that was published on Nov. 22nd by the Bio-ISAC contains valuable information on what to look for and several recommended actions for biomanufacturers.