The Hill reports that suspected Russia-linked threat actors have been leveraging the new Tardigrade malware in attacks against large biomanufacturing firms.
The Bioeconomy Information Sharing and Analysis Center initially identified the malware in a ransomware attack against an unspecified biomanufacturing facility this spring before observing it again in an attack against another facility last month.
"This thing is still evolving; it's still in motion. We're still learning more about this as time goes on, but because it was clear that spread was still active, this is an active threat, and a significant threat, we wanted to accelerate disclosure," said Ed Chung, who is the chief medical officer at BioBright, a member of BIO-ISAC.
BioBright researchers noted the challenges in detecting and removing the Tardigrade malware, which has been tailored to biomanufacturing organizations.
"It won't run unless it's in a specific environment, which led us to believe that this is specifically made and targeted for biomanufacturing facilities or that kind of medical space," said BioBright Senior Digital Biosecurity Analyst Callie Churchwell.
Forty-five malicious NPM and PyPI packages have been deployed by threat actors to facilitate extensive data theft operations as part of a campaign that commenced on Sept. 12, according to BleepingComputer.
Chinese threat actors exfiltrated 60,000 emails from U.S. State Department accounts during the widespread compromise of Microsoft email accounts that commenced in May, according to a staffer working for Sen. Eric Schmitt, R-Mo., Reuters reports.