Back Issues This Week → Calendar → Current Issue → Popular →

All issuesVolume 339, Issue 4IT Vendor NewsSysdig

The FulcrumSec Playbook: How to Detect and Stop the Group Behind the Novo Nordisk Breach

Sysdig, Thursday, June 25th, 2026

Sysdig breaks down FulcrumSec's five-stage attack playbook and how defenders can disrupt it.

The article profiles FulcrumSec, the threat group that breached pharmaceutical firm Novo Nordisk and exfiltrated over a terabyte of data. FulcrumSec follows a predictable five-stage playbook: initial access via exposed credentials or unpatched flaws, credential harvesting, prolonged data collection, exfiltration using legitimate tools, and extortion.

The author stresses that a predictable playbook is a defensible one. Recommended defenses include removing secrets from code, reducing machine-identity permissions, accelerating patching, deploying behavioral detection, and correlating signals across identity, cloud, and runtime layers.

more →  ·  More from Sysdig →