Biomanufacturing companies getting hit by hackers potentially linked to Russia

Large biomanufacturing companies, including those that produce medications and vaccines tied to the COVID-19 pandemic, are being targeted by hackers potentially tied to Russia, researchers disclosed Monday.

The Bioeconomy ​​Information Sharing and Analysis Center (BIO-ISAC) revealed the ongoing effort, which involves a type of malware labeled “Tardigrade” that was first detected following a ransomware attack on an unnamed major biomanufacturing facility this spring.

The same malware was found at a second biomanufacturing facility last month, leading to the release of the information Monday in an effort to raise awareness among other companies in the sector to step up their cybersecurity efforts. 

ADVERTISEMENT

“This thing is still evolving; it’s still in motion. We’re still learning more about this as time goes on, but because it was clear that spread was still active, this is an active threat, and a significant threat, we wanted to accelerate disclosure,” Ed Chung, chief medical officer at biomedical company BioBright, told The Hill. 

Researchers at BioBright, a member of BIO-ISAC, described the hacking effort to The Hill as “A-level,” and cited potential involvement by a foreign government. 

“What we can infer from the targeting of this and the complexity of this, this is complexity to a level in this industry that we haven’t seen before. Everyone has to assume that we will be targeted by something like this,” Chung said.

While the researchers declined to formally attribute the attacks, they noted that the efforts were similar to previous attacks by a hacking group linked to Russia. 

They said that the malware seemed to be tailored for biomanufacturing groups, and was difficult to both detect and get rid of. 

“It won’t run unless it’s in a specific environment, which led us to believe that this is specifically made and targeted for biomanufacturing facilities or that kind of medical space,” Callie Churchwell, senior digital biosecurity analyst at BioBright, told The Hill. 

ADVERTISEMENT

The targeting comes at the tail end of a year in which cybersecurity threats have spiked against most sectors, but particularly health care facilities and medical researchers. 

The European Medicines Agency (EMA), the World Health Organization, and the U.S. Department of Health and Human Services have all come under attack during the course of the pandemic, along with a string of hospital systems

There has also been evidence of increased attacks against groups involved in fighting the COVID-19 pandemic, including researchers and pharmaceutical groups developing vaccines, and against groups involved in the vaccine supply chain.

Both Chung and Churchwell emphasized to The Hill the importance of biomanufacturing groups getting out ahead of the threat, which has the ability to shut down production at facilities and cost over a million dollars lost per day. 

“We are discovering more as we go, and discovering more impact and involvement as we go, so it’s clear that this is reaching wider than we want it to, and we want people to know, experts out there in another organization, so we think people really have to know about this,” Chung said.