Hackers allegedly linked to Russia hit a major biomanufacturing company last spring in an offensive that could be a precursor to additional attacks on the sector, an industry cyber watchdog said.
Cybersecurity researchers at the Bioeconomy Information Sharing and Analysis Center (BIO-ISAC) said in an expedited advisory that an advanced persistent threat attack also using the Tardigrade malware had been carried out at a second facility. The non-profit did not identify either of the targeted companies. The organization said the malware loader “demonstrated a high degree of autonomy as well as metamorphic capabilities.” It cautioned biomanufacturing sites and their partners to review and fortify, if necessary, their cybersecurity and response procedures.
A BIO ISAC member told The Hill that the cyber attack appears to be tailored to the biomanufacturing industry and difficult to discover and eradicate. “What we can infer from the targeting of this and the complexity of this, this is complexity to a level in this industry that we haven’t seen before. Everyone has to assume that we will be targeted by something like this,” Ed Chung, chief medical officer at biomedical company BioBright, a BIO-ISAC member, reportedly said.
Cyber attack-prompted shutdowns at biomanufacturing facilities can cost more than one million dollars a day, Chung said. “We are discovering more as we go, and discovering more impact and involvement as we go, so it’s clear that this is reaching wider than we want it to, and we want people to know, experts out there in another organization, so we think people really have to know about this,” Chung said.
Hackers Target Healthcare and Medical Research Organizations
The two known attacks on biomanufacturing facilities come as yet another wave of the COVID-19 virus is gaining a foothold worldwide, with cyber strikes continually aimed at healthcare facilities and medical research organizations. This past August, hackers infiltrated an Italian health portal used to schedule COVID-19 vaccination appointments. In February, 2021, North Korean cyber operatives attempted to break into the servers of drug manufacturer Pfizer to steal information on its COVID-19 vaccine.
In a number of instances, hackers in 2020 attempted to break into the World Health Organization’s (WHO) network and other attackers targeted vaccine makers. For example, in December, 2020, North Korean and Russian state-backed hackers intensified cyberattacks on pharmaceutical companies that were working on developing a COVID-19 vaccine. Attacks were levied on seven companies researching vaccines and treatments for the virus in Canada, France, India, South Korea and the U.S. The offensives were set in motion by the Russia-based Strontium crew, also known as Fancy Bear and APT28, and two actors originating from North Korea that Microsoft dubbed Zinc and Cerium.
International and Government Health Organizations Targeted
Earlier in 2020, hackers hit the WHO and the U.S. Department of Health and Human Services. In one instance, “hack-for-hire” cyber crews ensnared individuals in the U.S., the U.K., Bahrain, Canada, Cyprus, India and Slovenia with phishing email invitations to sign up for bogus COVID-19 notifications from the WHO. And, in another event, unknown hackers made public some 25,000 email credentials reportedly belonging to staffers at the National Institutes of Health (NIH), the WHO, the Gates Foundation and others battling COVID-19.