Tardigrade: The new malware that only targets medicine and vaccine manufacturing plants

According to the Bioeconomy Information Sharing and Analysis Center (BIO-ISAC), multiple facilities dedicated to the manufacture and development of drugs are being attacked by a new malware variant that seems to have very specific targets in the industry. According to the report, the first infection of the malware, known as Tardigrade, was detected in early 2021, remaining active until now.

This first cyberattack targeted a large biomanufacturing facility, although a second installation was attacked with the same malware just a week ago. Experts report that both biomanufacturing plants and their partners are being considered potential targets of this campaign, so it is necessary to take the necessary safety measures.


Cybersecurity specialists have analyzed samples of this malware variant, concluding that Tardigrade is mainly used for espionage, although it would also facilitate other malicious tasks on the affected systems, including interruptions in some functions.

On the other hand, researchers from Wired mention that these attacks could have as their purpose the sabotage of multiple investigations related to COVID-19, a critical scenario considering that dozens of countries are still in the process of vaccination. In addition, experts have discovered that the source code behind Tardigrade is based on the well-known Smoke Loader malware, although its creators could also have used samples of Cobalt Strike.

Although there are still many doubts about this malware, experts do not hesitate to affirm that Tardigrade is a very advanced malicious tool, possibly developed by a highly sophisticated hacking group and sponsored by a state actor, so medical research industry should remain aware on the next step these hackers may take.

To learn more about information security risks, malware variants, vulnerabilities and information technologies, feel free to access the International Institute of Cyber Security (IICS) websites.