Pharmaceutical giant Novartis says no sensitive data was compromised in a recent cyberattack by the Industrial Spy data-extortion gang.
Industrial Spy is a hacking group that runs an extortion marketplace where they sell data stolen from compromised organizations.
Yesterday, the hacking group began selling data allegedly stolen from Novartis on their Tor extortion marketplace for $500,000 in bitcoins.
The threat actors claim that the data is related to RNA and DNA-based drug technology and tests from Novartis and were stolen “directly from the laboratory environment of the manufacturing plant.”
The data being sold consists of 7.7 MB of PDF files, which all have a timestamp of 2/25/2022 04:26, likely when the data was stolen.
As the amount of data for sale is minimal, it is not clear if this is all the threat actors stole or if they have further data to sell later.
BleepingComputer emailed Novartis to confirm the attack and theft of data and received the following statement.
“Novartis is aware of this matter. We have thoroughly investigated it and we can confirm that no sensitive data has been compromised. We take data privacy and security very seriously and have implemented industry standard measures in response to these kind of threats to ensure the safety of our data.” – Novartis.
Novartis declined to answer any further questions about the breach, when it occurred, and how the threat actors gained access to their data.
Industrial Spy is also known to use ransomware in attacks, but there is no evidence that devices were encrypted during the Novartis incident.