MDR
Solutions
Partners
About
Resources
Novo Nordisk cloud and DevOps infrastructure including GitHub repositories, Azure Container Registry, AWS, and Okta environments.
FulcrumSec data extortion group claims 1.3TB theft of drug IP, AI models, source code, and clinical trial data.
Initial access March 2026; over two months dwell time; data leaks began June 15, 2026.
Exposed GitHub Personal Access Token in client-side JavaScript bundles, enabling private repository access and lateral cloud movement.
Long-lived GitHub PAT embedded in public-facing frontend code; no adequate secrets scanning or rotation controls in place.
PAT discovery enabled repo cloning, credential harvesting, and low-and-slow exfiltration across cloud environments over months.
Core operations unaffected per Novo Nordisk; manufacturing and clinical platforms reported as undisrupted.
Significant R&D pipeline exposure; proprietary AI models, drug compounds, and clinical data available for competitive exploitation.
Deprecate long-lived GitHub PATs, enforce secrets scanning in CI/CD, apply least privilege and zero-trust to DevOps environments.
Prepare data extortion playbooks, engage legal/regulatory teams early, enable dark web monitoring for FulcrumSec activity.
Reuters – Novo Nordisk cybersecurity incident disclosure, June 2026. DataBreaches.net – FulcrumSec correspondence and sample leak details. Heise Medien – FulcrumSec data leak at Ozempic manufacturer.
Trusted by clients worldwide
Led by human expertise and powered by the VisionX platform, we provide you with a 24/7 unbeatable Managed Detection & Response capability giving you transparent and consolidated security solutions.
.jpg)