Dramatized chat logs between GroupSense and the threat actor, known as Oppenh3imer.
Our cyber intelligence team recently engaged with a threat actor who claimed to possess highly sensitive information regarding the intellectual property of SynthoMedica Pharmaceuticals. The threat actor offered access to confidential drug formulas for a substantial price, implying they had potential buyers from other parties. The information provided was a snippet of the formula for one of SynthoMedica's latest medications, which appeared to be genuine but requires further verification.
Our undercover cyber analyst initiated contact with the threat actor on 20 July 2023 after receiving information about the potential leak of SynthoMedica's intellectual property. The threat actor claimed to have obtained access to the confidential formulas of SynthoMedica's medications.
The threat actor was cautious and demanded payment in exchange for sharing evidence of the stolen data. They showcased a snippet of the formula for one of SynthoMedica's prominent medications as proof of their claim. The threat actor asserted that other interested parties were in the picture, and they were prepared to negotiate with the highest bidder. While the authenticity of the provided snippet appears plausible, we recommend further validation before proceeding.
The threat actor demonstrated an astute understanding of the value of intellectual property and its potential worth on the black market. Their willingness to capitalize on sensitive pharmaceutical information suggests a level of sophistication, indicating they might be part of a well-organized cybercrime group or nation-state-sponsored hacking operation.
The actor did mention that they wanted to exchange the IP in person. Upon further investigation, it appears that the actor lives close to one of SynthoMedica’s manufacturing plants in Latvia. This indicates that the actor is an employee. The threat actor displayed a certain level of overconfidence in their ability to keep information exclusive to the highest bidder, raising questions about their reliability and trustworthiness.
The threat actor's claim of possessing SynthoMedica's intellectual property requires thorough verification. While the provided evidence suggests potential legitimacy, caution must be exercised when dealing with such sensitive information. SynthoMedica Pharmaceuticals should take immediate action to strengthen its cybersecurity posture and consider engaging law enforcement to handle this matter further.
Our cyber intelligence team will continue monitoring the situation and work diligently to ensure our client's assets remain secure from any potential cyber threats.
Dramatized chat logs between GroupSense and the threat actor.
Knowing what your organization is up against is half the battle. In our latest report, Cybersecurity Threats to the Pharmaceutical Industry, we review the top threats facing the industry and recommended mitigation strategies. Download the report to: