FulcrumSec: Deep Dive into the Data Extortion Group Exploiting Developer Credential Sprawl
FulcrumSec emerged in October 2025 running pure data extortion with no ransomware component. Confirmed victims include Avnet (1.3TB), youX (300GB), and Novo Nordisk (1.3TB, $25M demand). Their initial access technique — GitHub PATs exposed in client-side JavaScript — is simple, scalable, and rapidly becoming a template for other extortion groups. This deep dive covers their attack chain, operational history, tooling characteristics, and defensive countermeasures.
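A pre-deploy check for the exposure described above (GitHub PATs shipped in client-side JavaScript), as an added example that is not from the original article: it scans bundle text for GitHub's token prefixes and reports redacted findings. The function names, the file name `app.min.js` and the sample bundle are constructed for illustration.

```javascript
// Added example: scan built front-end assets for GitHub token formats.
// Patterns follow GitHub's published token prefixes and lengths.
const TOKEN_PATTERNS = [
  { type: "classic PAT", re: /\bghp_[A-Za-z0-9]{36}\b/g },
  { type: "fine-grained PAT", re: /\bgithub_pat_[A-Za-z0-9]{22}_[A-Za-z0-9]{59}\b/g },
  { type: "OAuth/app token", re: /\bgh[ousr]_[A-Za-z0-9]{36}\b/g },
];

// Keep the prefix and last 4 characters so a finding can be traced to a
// credential without the CI log re-leaking the secret.
function redact(token) {
  const prefixEnd = token.startsWith("github_pat_") ? 11 : 4;
  return token.slice(0, prefixEnd) + "..." + token.slice(-4);
}

// Returns one finding per match, with a line and column. Minified bundles
// are often a single line, so the column is what locates the token.
function findGitHubTokens(source, file) {
  const findings = [];
  for (const { type, re } of TOKEN_PATTERNS) {
    for (const m of source.matchAll(re)) {
      const before = source.slice(0, m.index);
      const line = before.split("\n").length;
      const column = m.index - before.lastIndexOf("\n");
      findings.push({ file, type, line, column, token: redact(m[0]) });
    }
  }
  return findings.sort((a, b) => a.line - b.line || a.column - b.column);
}

// Constructed sample: fake tokens assembled at runtime so that no
// token-shaped literal appears in this file.
const fakeClassic = "ghp_" + "A1b2".repeat(9);
const fakeFineGrained = "github_pat_" + "X".repeat(22) + "_" + "y".repeat(59);
const sampleBundle = [
  '!function(){const api="https://api.github.com";',
  `fetch(api+"/user",{headers:{Authorization:"token ${fakeClassic}"}})}();`,
  `var cfg={gh:"${fakeFineGrained}",note:"ghp_tooshort"};`,
].join("\n");

function scanSample() {
  return findGitHubTokens(sampleBundle, "app.min.js");
}

console.log(scanSample());
```

In a pipeline, run the scan over every file in the build output directory and fail the job when any finding is returned; a token that has already shipped needs to be revoked, not just removed from the bundle.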