The FulcrumSec Playbook: How to Detect and Stop the Group Behind the Novo Nordisk Breach
Sysdig, Thursday, June 25th, 2026
Sysdig breaks down FulcrumSec's five-stage attack playbook and how defenders can disrupt it.
The article profiles FulcrumSec, the threat group that breached pharmaceutical firm Novo Nordisk and exfiltrated over a terabyte of data. FulcrumSec follows a predictable five-stage playbook: initial access via exposed credentials or unpatched flaws, credential harvesting, prolonged data collection, exfiltration using legitimate tools, and extortion.
The author stresses that a predictable playbook is a defensible one. Recommended defenses include removing secrets from code, reducing machine-identity permissions, accelerating patching, deploying behavioral detection, and correlating signals across identity, cloud, and runtime layers.