Flurry of biopharma cyber-attacks driven by COVID

Non-profit organization BIO-ISAC has called for drugmakers to review their cybersecurity after disclosing an attack targeting a biomanufacturing facility earlier this year.

BIO-ISAC, an organization launched in August to provide early-warning and education of digital biosecurity threats, announced an undisclosed biomanufacturer was involved in an advanced persistent threat (APT) attack named Tardigrade in Spring 2021.

“Through the subsequent investigation, a malware loader was identified that demonstrated a high degree of autonomy as well as metamorphic capabilities. In October 2021, further presence of this malware was noted at a second facility,†the non-profit member organization said in a statement.

Image: Stock Photo Secrets

Charles Fracchia, founder of biological dataset firm BioBright and member of the BIO-ISAC, could not disclose the victims of this attack when asked.

“We take anonymity of the disclosures very seriously and want to incentivize the whole field to share pre-competitive information with each other,†he told BioProcess Insider. “This is a proven method to improve the security of all parties in the field.

According to Fracchia, this sort of attack is not uncommon within the sector though “it is difficult to tell precisely as most cyberattacks will go unshared. However, it is notable that a major India-based biomanufacturing company – Dr Reddy’s – reported an attack in October 2020.â€

However, he said BIO-ISAC believes Tardigrade to be the first time that such a sophisticated set of tools were involved in an attack in the sector.

While BIO-ISAC will not comment on the specific actors behind the Tardigrade attack nor other attacks, Fracchia did say a “flurry of activity in this space†correlated with the race to develop COVID-19 vaccines and therapeutics.

In February 2021, South Korea’s intelligence agency accused North Korean state-backed actors of trying to steal information on COVID vaccines by hacking Pfizer, though this is thought to be a different incident from December 2020, when the European Medicines Agency (EMA) announced it had been the subject of a cyberattack with some documents relating to the regulatory submission for Pfizer and BioNTech’s COVID-19 vaccine candidate being accessed by hackers.

Meanwhile, China and Iran are among other states accused by the US of attempting to illegally access COVID-19 vaccine and therapeutic during the first year of the pandemic.

Such threats can be combatted through non-competitive threat information sharing, said Fracchia. “In a nutshell, working with the biopharma community to enhance information sharing and coordination against emerging threats.â€

He continued: “Companies are gambling their very survival. The industry needs reliable and predictable production capabilities if it is to continue to rise to the challenge that the pandemic presents.â€