American contract research organization Inotiv disclosed Monday that it became aware of a cybersecurity incident affecting certain of its systems and data earlier this month. Its preliminary investigation determined that a threat actor gained unauthorized access to, and encrypted certain of, the company’s systems, while investigations into the incident are ongoing.
“Upon identifying encrypted systems, the Company took steps to contain, assess, and remediate the cybersecurity incident, including initiating an investigation, engaging external cybersecurity specialists, and restricting access to certain of its systems,” Beth A. Taylor, chief financial officer and executive vice president at Inotiv, disclosed in a Form 8-K filing submitted to the U.S. Securities and Exchange Commission (SEC). “The Company has also notified law enforcement.”
The cybersecurity incident has caused, and is expected to continue to cause, disruptions to certain business operations at the Lafayette, Indiana-headquartered drug development company.
“The incident has temporarily impacted the availability of and access to certain of the Company’s networks and systems, including access to portions of internal data storage and certain internal business applications,” according to Taylor. “The Company is currently working to bring the impacted portions of its systems back online. In addition, and at the same time, the Company initiated its business continuity strategy and has transitioned certain operations to offline alternatives with the aim of reducing disruption to its business.”
While Inotiv is working diligently to restore affected functions and systems, the timeline for a full restoration is not yet known.
She added that the company’s investigation of the cybersecurity incident is ongoing, and the full scope, nature, and impacts, including operational and financial impacts, of the incident are not yet known. Accordingly, Inotiv has not yet determined whether the incident is reasonably likely to have a material impact on the company.
The Qilin ransomware gang has claimed responsibility for the attack, saying it stole about 162,000 files totaling 176GB. While the group has posted data samples on its leak site, the extent of the breach has not been independently verified.
Qilin, also known as Agenda, has evolved into a highly sophisticated Ransomware-as-a-Service (RaaS) platform, offering affiliates customizable malware, including Rust and Go variants, that target Windows, Linux, and VMware ESXi environments, enabling them to conduct double-extortion campaigns with precision and scale.
By the second quarter of this year, Qilin accounted for nearly one-fifth of ransomware incidents in industrial sectors, especially manufacturing, underlining both its aggressive recruitment of skilled affiliates and its rapidly growing footprint across critical infrastructure.
In April, Morphisec Labs detailed a newly discovered remote access trojan (RAT) dubbed ResolverRAT, which employs advanced in-memory execution, runtime API and resource resolution, and layered evasion techniques.
Researchers named it ‘Resolver’ due to its heavy reliance on runtime resolution and dynamic resource handling, methods that significantly hinder static and behavioral analysis. The decision to name and disclose details about ResolverRAT was driven by multiple confirmed detections targeting Morphisec customers, particularly in the healthcare and pharmaceutical sectors. The most recent wave of attacks occurred in March of this year.