A cybercriminal group calling itself FulcrumSec has begun publishing stolen files from Danish pharmaceutical giant Novo Nordisk, the maker of diabetes treatment Ozempic and weight-loss drug Wegovy, after the firm reportedly refused to pay a ransom demand. The leaked material includes clinical trial records and artificial intelligence research assets, according to Security Affairs.
FulcrumSec claims to have exfiltrated approximately 1.3 terabytes of data from Novo Nordisk's systems. According to the group's own statements, it did not encrypt the company's infrastructure — instead pursuing a data-extortion model in which stolen files would be released publicly unless payment was made. With Novo Nordisk reportedly declining to negotiate, the attackers followed through on their threat.
A Growing Pattern of Data-Only Extortion
The incident exemplifies a significant shift in cybercriminal tactics. Rather than deploying ransomware to lock victims out of their own systems — a method that carries greater technical complexity and higher risk of detection — groups like FulcrumSec focus exclusively on exfiltrating valuable data. The leverage comes not from holding systems hostage but from the threat of public exposure.
This approach is simpler to execute and potentially more damaging to victims, particularly in sectors where leaked information carries regulatory, reputational, and competitive consequences. For a pharmaceutical company like Novo Nordisk, clinical trial data and research intellectual property represent some of its most closely guarded assets. The strategic value of that data can easily surpass the operational disruption caused by encrypted systems.
Pharmaceutical Industry Under Siege
The healthcare and pharmaceutical sectors have become prime targets for data-extortion operations. Clinical records contain personally identifiable health information subject to strict regulatory frameworks in the EU, the US, and other jurisdictions. Research data, meanwhile, can represent billions of dollars in development investment.
The stolen materials reportedly include AI research assets — a detail that underscores a growing concern across the industry. As pharmaceutical companies invest heavily in machine learning and AI-driven drug discovery, the datasets powering these initiatives become extraordinarily high-value targets. The very digital transformation efforts designed to accelerate innovation can inadvertently expand the attack surface available to threat actors.
For Novo Nordisk specifically, the company's high-profile product portfolio makes it an attractive mark. The potential exposure of unpublished clinical findings or proprietary research methodologies could carry competitive implications extending well beyond the immediate breach.
What This Means for the Broader Tech Community
The FulcrumSec incident reinforces several lessons for IT professionals across sectors. First, the absence of ransomware encryption does not mean an attack is less severe — data-only extortion can deliver consequences that are equally, if not more, disruptive to a business. Second, as companies consolidate large volumes of sensitive data for AI and research purposes, securing those repositories must be treated as a first-order priority.
Organisations should evaluate whether their data governance frameworks adequately account for the risks of mass exfiltration. Key defensive measures include rigorous data segmentation to isolate sensitive research datasets, granular access controls, and continuous monitoring for anomalous data movement patterns. Incident response plans should also be updated to address scenarios in which data is leaked without any operational disruption to systems.
The full scope of the breach remains unconfirmed. Novo Nordisk has not publicly verified the authenticity of all leaked files, and the long-term regulatory and commercial fallout will depend in part on what the exposed data ultimately contains and how widely it circulates.
