
The healthcare and medicine sector has always been a target for hackers – every piece of information it processes or produces is incredibly valuable or sensitive. Worse, this sector relies heavily on automation, which creates multiple vectors for an attack to penetrate a security perimeter and spread. Now, it appears that an attack with an unusual transmission method and precise targeting characteristics is working its way through this sector – an unknown group, believed to be an APT from Russia, is going after biomanufacturing companies through malware delivered via flash drive.
The malware is named for a famously indestructible animal, the Tardigrade, and not without reason – it is capable of operating without connection to a command node. When out of connection with its controller, Tardigrade autonomously moves through the network of its victim, creating backdoors and extracting data until it makes a connection. Further, Tardigrade inspects the data it has collected to determine if the target is worth infecting – companies that aren’t in biomanufacturing are left alone.
This behavior wouldn’t be unusual for a virus being actively directed by an attacker, but it is unusual for an autonomous attack – it may allow Tardigrade to pass through several victims’ environments before it finds a suitable victim.