Shape-Shifting ‘Tardigrade’ Malware Hits Vaccine Makers

Some security researchers say it’s actually Cobalt Strike and not a SmokeLoader variant, but BioBright says in-depth testing shows it really is a scary morphic malware that changes its parts and recompiles itself.

An APT has attacked two separate vaccine manufacturers this year using shape-shifting malware that at first appears to be a ransomware attack but later proves to be far more sophisticated, researchers have found.

Dubbed Tardigrade by the Bioeconomy Information Sharing and Analysis Center (BIO-ISAC), the malware used in the attacks can adapt to its environment, conceal itself, and even operate autonomously when cut off from its command-and-control server (C2), according to a recent advisory released by BIO-ISAC.

The first attack was detected at a “large biomanufacturing facility” in April, with investigators identifying a malware loader “that demonstrated a high degree of autonomy as well as metamorphic capabilities,” according to the advisory. In October 2021, the malware was detected at a second facility as well.

“Due to the advanced characteristics and continued spread of this active threat, BIO-ISAC made the decision to expedite this threat advisory in the public interest,” the center said in its advisory. Investigators continue to analyze the attacks and will release
