Scoop: FulcrumSec Leaks Novo Nordisk Data After $25M Demand Goes Unpaid (2) - DataBreaches.Net


Danish pharma giant Novo Nordisk disclosed a cybersecurity incident last week, and although the firm’s name may not be familiar to everyone, they are a major producer of insulin and semaglutide. Semaglutide is marketed as Wegovy for weight loss and Ozempic for Type 2 diabetes.

In its June 11 update, the firm stated that the incident affected a limited amount of information related to patients participating in some of its clinical trials. As they described it, the information was pseudoanonymized, i.e., the information was not directly linked to any patients by name or other direct identifiers:

Information about identity would therefore require access to underlying information, identifying patients by name etc. This information was not exposed. We therefore do not consider the incident to enable any third party to identify participants in our clinical trials. This communication serves as information only and there is no need for our patients to take any specific action as a result of the incident.

The involved categories of personal data about affected patients include the following:

  • Patient ID (random alphanumeric string) and information on trial participation
  • Sex
  • Year of birth
  • Biomarkers
  • Health/immunogenicity data
  • Lifestyle factors, e.g. smoking, alcohol use, BMI

For the benefit of readers who may be unsure what “pseudoanonymized” really means: it means that somewhere there is a master key, a separately stored mapping that links each random patient ID to the patient’s real name, and that key could tie the recorded measures back to their real identities.

In this case, it means that the attackers did not get the master key. But what would happen if other attackers or a rogue insider acquired the master key later? Any data leaked now might eventually be tied to real identities – either through that master key or by combining the fields it does contain with other datasets.
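To make the distinction concrete, here is an added example (not code from the original post or from Novo Nordisk) that builds a pseudonymized trial dataset with a keyed pseudonym, shows that only the key holder can map IDs back, and then checks which leaked records are unique on their quasi-identifiers, which is where linkage with other datasets becomes possible. The register, key and field names are constructed for the example.

```python
import hmac
import hashlib
from collections import Counter

# Constructed identity register (the "master key" side). In practice this lives
# in a separate system with its own access controls, never beside the trial data.
IDENTITY_REGISTER = [
    {"name": "Alice Example", "sex": "F", "birth_year": 1961, "smoker": False},
    {"name": "Bob Example", "sex": "M", "birth_year": 1957, "smoker": True},
    {"name": "Carol Example", "sex": "F", "birth_year": 1961, "smoker": False},
    {"name": "Dan Example", "sex": "M", "birth_year": 1939, "smoker": False},
]
# Fields that are not names but can still single a person out in combination.
QUASI_IDENTIFIERS = ("sex", "birth_year", "smoker")


def pseudonym(name: str, key: bytes) -> str:
    """Keyed pseudonym: same key and name always give the same ID, but the ID
    cannot be reversed to the name without the key (HMAC-SHA256, truncated)."""
    return hmac.new(key, name.encode(), hashlib.sha256).hexdigest()[:12]


def pseudonymize(register, key: bytes) -> list:
    """The dataset that reaches researchers (and, in a breach, attackers)."""
    return [{"patient_id": pseudonym(r["name"], key),
             **{f: r[f] for f in QUASI_IDENTIFIERS}} for r in register]


def reidentify(dataset, register, key: bytes) -> dict:
    """Only someone holding both the key and the register can map IDs back;
    with the wrong key every lookup misses."""
    lookup = {pseudonym(r["name"], key): r["name"] for r in register}
    return {row["patient_id"]: lookup.get(row["patient_id"]) for row in dataset}


def unique_by_quasi_identifiers(dataset, fields=QUASI_IDENTIFIERS) -> list:
    """IDs whose quasi-identifier combination occurs only once in the dataset.
    These records can be singled out by an outside dataset even without the key,
    so a disclosure assessment after a leak should start with them."""
    counts = Counter(tuple(row[f] for f in fields) for row in dataset)
    return [row["patient_id"] for row in dataset
            if counts[tuple(row[f] for f in fields)] == 1]
```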

FulcrumSec Claims Responsibility

The hack-and-leak group known as FulcrumSec contacted DataBreaches on June 13 to claim responsibility for the incident.

According to information provided to DataBreaches, FulcrumSec first gained access to Novo Nordisk’s network in March, after finding an “exposed high-priv GitHub personal access token in client-side JS on an obscure subdomain. We cloned these repos and searched for additional credentials to move laterally. We found them, and kept finding them in the new data, and kept spidering through their systems in this fashion.”
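The initial foothold described above is the kind of thing a pre-deploy check on built JavaScript can catch. The following is an added example, not code from the original post or from any of the parties: it scans a constructed sample bundle for strings shaped like GitHub personal access tokens (the documented `ghp_` and `github_pat_` prefixes) and reports masked findings so the scanner itself does not copy a live token into CI logs.

```python
import re

# Token shapes GitHub uses for personal access tokens: classic tokens start with
# "ghp_", fine-grained ones with "github_pat_". The fine-grained length bound is
# deliberately loose so the scanner favours recall over precision.
TOKEN_PATTERNS = {
    "github_pat_classic": re.compile(r"\bghp_[A-Za-z0-9]{36}\b"),
    "github_pat_fine_grained": re.compile(r"\bgithub_pat_[A-Za-z0-9_]{22,}\b"),
}

# Constructed sample bundle, not from any real site. "ghp_short" is there to show
# that a prefix alone is not reported; the value on line 5 has the full shape.
SAMPLE_BUNDLE = """\
// constructed example bundle
const api = "https://api.example.invalid/v1";
const cfg = { theme: "dark", build: "ghp_short" };
fetch("https://api.github.com/repos/example/private-repo", {
  headers: { Authorization: "token ghp_0123456789abcdefghijklmnopqrstuvwxyz" }
});
"""


def mask(token: str) -> str:
    """Keep just enough of the token to locate it in the source, never the whole value."""
    return token[:8] + "..." + token[-4:]


def find_tokens(text: str) -> list:
    """Return (kind, line_number, masked_token) for every token-shaped string."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for kind, pattern in TOKEN_PATTERNS.items():
            for match in pattern.finditer(line):
                hits.append((kind, lineno, mask(match.group(0))))
    return hits


def bundle_is_clean(text: str) -> bool:
    """Gate for a build step: fail the deploy if any token shape is present."""
    return not find_tokens(text)
```

A hit should be treated as an already-leaked credential once the asset has been served publicly: revoke first, then remove from source, then look for the further credentials the token may have exposed.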

DataBreaches routinely asks threat actors whether their victims detected them and were able to kick them out. In this case, FulcrumSec answered that Novo Nordisk “were very slow; we had completed exfiltration long before they rotated any credentials. And we kept finding more interesting live creds weeks after they noticed and killed the Github token we used initially. We found the CDD vault, for example, after they knew about the breach but didn’t think to rotate those creds. They never even realized we had compromised their Okta or HuggingFace accounts.”

Overall, FulcrumSec was highly critical of Novo Nordisk’s security:

It was absolutely catastrophic given their stature and access to resources. So terrible that it would also be shockingly bad if they were a ~20m ARR startup. It boggles the mind. We’ve run into tiny companies that detect us within 24 hours, with maybe .01% of the resources Novo has.

Some might suspect that this was just sour grapes on FulcrumSec’s part as they did not get paid, but FulcrumSec told DataBreaches that they estimate they were in Novo Nordisk’s systems for about 2 1/2 months. “They rotated the first GitHub creds sooner than that, but I think even those were active for a month or so,” FulcrumSec’s spokesperson stated.

Because Novo Nordisk declined to provide any additional information at this time, DataBreaches was unable to determine whether it would confirm or refute FulcrumSec’s statements regarding access and their incident response.

Patient Data

According to both Novo Nordisk and FulcrumSec, there was a relatively small amount of patient/research participant data in the exfiltrated data. Approximately 11,500 research participants had pseudoanonymized clinical trial records obtained. The patient/participant data was connected to clinical trials that included:

  • The SELECT trial, which compared once-weekly subcutaneous semaglutide with placebo to prevent major adverse cardiovascular events over up to 5 years. The vast majority (about 11,000) were from this trial. For the 1,370 participants who stopped treatment, about 1,067 did so due to adverse events.
  • Other participants were from the FLOW trial, which tested the effectiveness of once-weekly subcutaneous semaglutide in patients with chronic kidney disease and Type 2 diabetes mellitus; the SOUL trial, which tested the cardiovascular efficacy of oral semaglutide in people with Type 2 diabetes and established atherosclerotic cardiovascular disease and/or chronic kidney disease; and the FOCUS trial, which investigated the long-term effects of semaglutide on diabetic eye disease, specifically diabetic retinopathy.
  • Another 475 patients were in the ONWARDS trial, which is the Icodec once-weekly insulin program. Their records contained: age, sex, body weight, diabetes duration, glucose baseline, and 13 metabolic parameters per patient, modeled to ten decimal places. The patients ranged in age from 27 to 84, weighed between 44 and 140 kilos, and had diabetes duration from six months to 41 years.
  • Two other patients were in the Mim8 (denecimig) study, which evaluated the efficacy and safety of once-weekly or once-monthly subcutaneous therapy for Hemophilia A.

The pseudoanonymized records included adverse events experienced by some participants, such as nausea, hematuria, injection site pruritus, diarrhea, polyarthralgia, or allergic reaction. There is nothing secret about such reports; investigators share this data with regulators and in their research reports.

Healthcare Professionals Data

Some data from healthcare professionals was also acquired by the threat actors. According to Novo Nordisk’s notification to healthcare professionals (HCPs), the types of personal data included:

  • Name and registration number
  • Email
  • Phone number
  • WhatsApp details
  • Office location

Although Novo Nordisk will be notifying those affected, FulcrumSec informed DataBreaches that they are not leaking any of the HCP information as part of their harm-reduction policy.

Intellectual Property

In addition to exploring semaglutide’s efficacy in treating a range of conditions, Novo Nordisk has been assessing the efficacy of next-gen weight-loss medications. Amycretin, a glucagon-like peptide-1 (GLP-1) and amylin receptor co-agonist, produced greater weight loss than Wegovy (semaglutide) and advanced to Phase III testing after also showing better results than CagriSema, another treatment being tested.

FulcrumSec claims to have acquired some of Novo Nordisk’s intellectual property, including details on Amycretin, semaglutide, and CagriSema. They also claim to have acquired:

  • 5 undisclosed drug programs that don’t appear on their pipeline page, in any SEC filing, or anywhere public
  • 41,144 proprietary compound structures with SMILES — the actual molecules
  • Lead compounds at sub-nanomolar potency with full safety pharmacology data showing exactly why earlier series were killed
  • The complete Dicerna RNAi pipeline ($3.3B acquisition): 5 delivery platforms, 32 gene targets, and exact siRNA modification patterns.
  • 24 private AI models (~1.1TB of them), including a nanobody discovery engine, a patent-drafting LLM, and a clinical omics model.

FulcrumSec informed DataBreaches that they deployed a team of AI agents to conduct a deep dive into the private AI models. There were actually 32 (not 24), and the agents were instructed not to exaggerate sensitivity. Their report was then passed for adversarial review/critique by different models.

FulcrumSec shared the final report with DataBreaches, which has decided not to report it here. We note, however, that FulcrumSec believes the exfiltrated data and the AI-generated analysis could save other researchers or competitors 3-5 years of program development.

Ransom

Given that Amycretin is likely to be a very lucrative product for Novo Nordisk in the near future, and that other intellectual property may also have great future commercial value, it may seem a bit surprising that Novo Nordisk declined to pay any ransom.

FulcrumSec’s initial demand was for $25 million. In their first email to Novo Nordisk on June 1, they wrote, in part:

Dear Novo Nordisk Leadership,

We are the attackers you have been trying to evict from your cloud environments for the past several weeks.

First of all, as a peace offering, we would like to turn over a couple of high-impact credentials you have not yet rotated:

Okta Credential: [redacted by DataBreaches] Domain: [redacted by DataBreaches].okta.com

HuggingFace Credential: [redacted by DataBreaches] User: [redacted by DataBreaches] Token scope: [redacted by DataBreaches] [write], novonordisk-red [read] Private access: 24 models, 57 datasets, 3 spaces

To set the groundwork for productive talks, we give you our word that from this point forward, we will cease all activity in your systems.

Please note that we did not utilise the write access provided by these credentials, or the many others that were in our possession for more than a month before rotation. We are not vandals; we came for data and nothing more.

It has been a fruitful operation.

They then attached a complete file list to the email, adding:

700,717 files. 1.3 terabytes. You can select any number of files from this list and we will send them as proof of possession.

Before we get into the details, there is a matter we would like to address up front.

During exfiltration of your source repositories, we obtained manufacturing OT data — PLC addresses, SCADA system tags, and OPC-UA configurations for your production facilities, including what appears to be active chromatography and purification control systems at Hillerød and Bagsværd. We want to be clear: we will delete this data regardless of the outcome of these talks.

We are not in the business of endangering patients, disrupting drug supply, or targeting critical infrastructure. We would have deleted it prior to sending this email, but we wanted to ask if you had any preferences regarding the deletion and logging process, so as to increase your confidence that it is really gone. We will then share these logs for your review.

Again, this deletion is independent of any payment, a choice we have made as part of our general harm-reduction strategy.

With that out of the way, let us walk you through what we have…….

The remainder of the email was a lengthy, detailed list of what they had acquired and their understanding of its significance. DataBreaches has decided not to reproduce that list in this post, but simply notes that FulcrumSec appears to have assessed that they had acquired a great deal of valuable intellectual property — enough to warrant a $25 million ransom demand.

But Novo Nordisk didn’t pay. Did FulcrumSec misjudge how valuable the data were, or did the firm decline to pay on ethical or principled grounds?

When asked about any negotiations, FulcrumSec described Novo Nordisk’s negotiator as “just buying time going through the verification process while they prepared to notify.”

DataBreaches emailed Novo Nordisk to ask whether they had decided not to pay as a matter of principle, and whether they were concerned at all about the threat actors leaking any of their intellectual property related to future products. They replied that they were posting all information and updates on their incident update page. “Our investigation is ongoing and therefore we don’t have any additional information to share at this time,” their spokesperson added.

FulcrumSec anticipates publishing its report on the incident tomorrow on their leak site.


Updates of June 16: It seems that at the same time I was posting this story, vx-underground was reporting on Telegram about threat actors who started a leak channel for Novo Nordisk after negotiations with them failed. Those threat actors claim to have acquired some different data than what FulcrumSec shared with DataBreaches, but they also seem to have been negotiating with Novo Nordisk at the same time that FulcrumSec was. DataBreaches will obviously be trying to find out more about this situation, but it appears that two different gangs may have contacted Novo Nordisk during the same period, both demanding ransom to delete files.

FulcrumSec has now published its own detailed breach report on its dark web leak site. DataBreaches’ follow-up post on the dual groups attacking Novo Nordisk can be found here: “One threat actor demanded $50 million from Novo Nordisk. Another one demanded $25 million. Neither got paid.”