Novo Nordisk maintains a multi-layered security infrastructure: advanced endpoint detection, network segmentation, and a dedicated security operations center. These defenses cost millions of dollars annually. Yet the whole architecture was sidestepped by a single text string on a public-facing website. The breach at the Danish pharmaceutical giant is a case study in the architectural paradox of modern software development: a massive investment in perimeter defense failed because one authentication token sat in the wrong place.
I spent years communicating with security researchers over Signal and PGP-encrypted channels. Most of them do not look for complex zero-day vulnerabilities in hardened firewalls. They look for the path of least resistance. In the Novo Nordisk incident, that path was a high-privileged GitHub personal access token (PAT) embedded in client-side JavaScript on an obscure subdomain. Anything served to the browser can be read by whoever loads the page, so this was not a sophisticated hack; it was an exercise in discovery. Once the threat group, known as FulcrumSec, found the token in March, the formal security perimeter became irrelevant. The token provided authenticated access, and to GitHub a request carrying it was indistinguishable from one made by the developer who created it.
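The discovery step is mechanical, which is why it is worth automating before an outsider does it for you. The following is an added example, not code from the article or from any party it mentions: it scans a saved JavaScript bundle for the two GitHub token shapes (classic `ghp_`-style tokens and fine-grained `github_pat_` tokens), redacts every hit, and triages classic hits with the CRC32 checksum that GitHub described when it introduced prefixed tokens in 2021. The checksum rule and base62 alphabet are my reading of that description, so treat them as an assumption to verify against a token you own; the bundle and tokens below are constructed for the example and no real credential appears.

```python
"""Scan a downloaded JavaScript bundle for GitHub tokens (added example)."""
import re
import zlib

# Token shapes: classic tokens are a 4-char prefix + 36 chars; fine-grained
# tokens are github_pat_ + 22 chars + "_" + 59 chars.
TOKEN_RE = re.compile(
    r"\b(gh[pousr]_[A-Za-z0-9]{36}|github_pat_[A-Za-z0-9]{22}_[A-Za-z0-9]{59})\b"
)

# Base62 alphabet assumed for the checksum encoding (0-9, A-Z, a-z).
_B62 = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"


def _base62(n: int) -> str:
    out = ""
    while n:
        n, r = divmod(n, 62)
        out = _B62[r] + out
    return out or "0"


def classic_checksum(random30: str) -> str:
    """CRC32 of the 30 random characters, base62-encoded, left-padded to 6.

    Assumption: mirrors GitHub's published description of the classic token
    format. Use it as a triage heuristic, not as proof that a token is live.
    """
    return _base62(zlib.crc32(random30.encode("ascii"))).rjust(6, "0")


def checksum_ok(token: str):
    """True/False for classic tokens; None for fine-grained tokens (not checked here)."""
    if token.startswith("github_pat_"):
        return None
    body = token[4:]  # strip the "ghp_"-style prefix
    return classic_checksum(body[:30]) == body[30:]


def redact(token: str) -> str:
    """Keep enough to identify the hit without copying the secret into a report."""
    return f"{token[:8]}…{token[-4:]}"


def find_github_tokens(text: str) -> list:
    """One record per hit: line number, redacted token, checksum verdict."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for m in TOKEN_RE.finditer(line):
            tok = m.group(1)
            hits.append({"line": lineno, "token": redact(tok), "checksum_ok": checksum_ok(tok)})
    return hits


# Constructed sample bundle: one well-formed fake token and one tampered copy.
_RAND30 = "AbC123xYz789QwErTyUiOpAsDfGhJk"
FAKE_GOOD = "ghp_" + _RAND30 + classic_checksum(_RAND30)
FAKE_BAD = FAKE_GOOD[:-1] + ("A" if FAKE_GOOD[-1] != "A" else "B")
SAMPLE_JS = (
    'fetch("https://api.github.com/repos/example-org/portal/contents/config.json",\n'
    f'      {{ headers: {{ Authorization: "token {FAKE_GOOD}" }} }});\n'
    f'const legacyToken = "{FAKE_BAD}"; // leftover from an old build\n'
)

if __name__ == "__main__":
    for hit in find_github_tokens(SAMPLE_JS):
        print(hit)
```

A checksum-valid hit is the one to escalate first; the confirmation step (calling the API with the token) is itself a use of the credential, so leave that to the owner and revoke rather than test. Run this against the artifacts that are actually deployed, not only the source tree, since a build can inline a value that never appears in git.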
FulcrumSec operated inside Novo Nordisk's systems for more than two months before detection. During this period the group used the initial GitHub token to clone private repositories, and those repositories contained more than code: secondary credentials, infrastructure definitions, and internal documentation. This is a common pattern in modern intrusions. An attacker uses a small foothold to harvest more powerful secrets, and has no need to exploit a software bug while holding the keys to the front door.
By the time Novo Nordisk disclosed the incident on June 11, the attackers had exfiltrated 1.3TB of data, about 700,000 files. The company initially described the impact as limited to pseudonymized patient data and healthcare professional records, but the attackers' claims point to something more severe: proprietary information on marketed and unreleased drugs, clinical trial research, and internal AI models. FulcrumSec claims the information could save competitors three to five years of development time. If that holds, the breach moved from a leaked token to the loss of core intellectual property, which is the definition of a systemic failure.
Development platforms are the highest-value systems in the modern enterprise. Most security programs fail to recognize this reality. A code repository is no longer a simple storage bin for text files. It is the blueprint for the entire digital environment. It holds the configurations for cloud environments and the deployment pipelines that push code to customers. When an attacker gains access to a repository, they see the wiring of the organization.
Matt Kimpel, a chief information security officer at Magna5, notes that developers have standing access to the systems that matter most. They possess credentials for build pipelines and cloud environments. These systems are upstream of the production environment. If an attacker compromises the code before it is compiled, they control the final product. This makes the developer workstation and the repository more critical than the production server itself. Traditional protections like branch approvals and code reviews assume the person performing the action is a trusted employee. If the identity is compromised, those same controls facilitate the attack.
Organizations treat secrets management as a tooling problem. They buy a vault and assume the problem is solved. The Novo Nordisk incident shows that secrets management is an identity problem. The leaked GitHub token is, in practice, a machine identity: it was issued to a human account, but it sat in a script and acted with that account's permissions with no person in the loop. Unlike human logins, such credentials often lack clear owners, consistent rotation schedules, and meaningful monitoring, so they persist for months or years without change.
Shane Barney, CISO at Keeper Security, points out that this invisibility turns a single token into a long-term intrusion. When a machine credential carries broad permissions and nobody monitors its usage, an attacker does not need to escalate privileges. The access is already there. The blast radius is the entire environment. This is why the attackers remained undetected for 60 days. They were not breaking into the system. They were using the system as it was designed to be used.
A second threat group calling itself TheUSERS007 also claimed access to Novo Nordisk systems between June 5 and June 7. This group targeted data related to AI research. This suggests that once a major leak occurs, other actors begin to probe the same infrastructure. A single vulnerability in a development pipeline often indicates broader systemic weaknesses. If one developer leaves a token in a public script, other developers likely follow similar insecure patterns. The attack surface is not a static map. It is a dynamic environment where one mistake invites further scrutiny from multiple adversaries.
This secondary intrusion highlights the risk to internal AI models. These models represent the future of pharmaceutical research. They are built on years of proprietary data and massive computational investment. The loss of these models is not just a data breach. It is a loss of competitive advantage. The digital environment has no physical walls. Once the logic of the system is exposed through source code and model weights, the damage is permanent.
To mitigate these risks, organizations must change how they view developer access. A vault is a box for secrets; identity management is the control of who can open the box and for how long. The goal is to reduce the shelf life of every secret. If a token expires in four hours, a leak in a JavaScript file is a bounded incident: the attacker's window closes on its own, whether or not anyone notices. If a token lasts a year, or never expires, a leak is a catastrophe. Short lifetimes do not excuse the leak itself. A secret that was never meant to reach a browser should be caught before deployment, and repository secret scanning only sees what is committed, so the built artifacts that actually ship to the web server need scanning too.
Centralizing secrets management is a necessary step, and every identity in the environment should follow the principle of least privilege. For GitHub that means a fine-grained PAT limited to the specific repositories a task needs, carrying only the permissions it needs and a mandatory expiration, rather than a classic PAT with the broad `repo` or `admin:org` scopes, which reach every repository its owner can reach and can be created with no expiration at all. Automated rotation ensures that credentials do not outlive their purpose. This discipline does not stop an attacker from finding a token, but it limits what they can do with it and for how long.
Organizations should begin with an inventory of non-human identities. Most companies do not know how many API keys, tokens or service accounts exist in their environment, and you cannot protect what you cannot see. The inventory should record each credential's owner, its scope, its expiration and its last-used date. Many organizations find that a large share of their active tokens are no longer necessary. These orphaned secrets are high-value targets precisely because nobody will notice when they are used.
Monitoring machine identities is as vital as monitoring human logins. Security teams must baseline normal behavior for each service account and token. If a GitHub token usually accesses three repositories from a known IP address and suddenly starts cloning 500 repositories from a different region, that should trigger an alert. On GitHub the raw signal is the organization or enterprise audit log, which records the actor, the source IP and a hash of the token behind programmatic access, with Git clone, fetch and push events available in the enterprise audit log; none of it helps unless it is streamed somewhere that can compare today's activity against last month's. Detection must happen at the identity layer. Patching software still matters, but when identities are the primary target, visibility into credential usage is the only way to catch an intruder who never breaks anything.
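The comparison described above is simple to write once the log is somewhere queryable. The following is an added example, not from the article or from GitHub: it learns, per hashed token, which repositories and source countries are normal during a baseline window, then flags a token whose recent activity fans out across far more repositories than its baseline or arrives from a country it has never used. The events are constructed for the example and loosely follow GitHub audit-log field names (`action`, `actor`, `repo`, `hashed_token`, `actor_location`); those names, the `ts` field used for windowing, and the thresholds are assumptions to adjust for your own export.

```python
"""Flag a credential behaving outside its baseline (added example)."""
from collections import defaultdict
from datetime import datetime, timedelta, timezone


def _empty():
    return {"repos": set(), "countries": set(), "actors": set()}


def profile(events: list):
    """Per hashed token: the repos, source countries and actors it was seen with."""
    prof = defaultdict(_empty)
    for e in events:
        p = prof[e["hashed_token"]]
        p["repos"].add(e["repo"])
        p["countries"].add(e["actor_location"]["country_code"])
        p["actors"].add(e["actor"])
    return prof


def detect(baseline, recent: list, repo_multiplier: int = 5, repo_floor: int = 10) -> list:
    """Compare the recent window against the baseline; one alert per anomalous token."""
    alerts = []
    for tok, seen in profile(recent).items():
        base = baseline.get(tok) or _empty()
        reasons = []
        # Fan-out: more distinct repos than a multiple of the baseline (with a floor
        # so a token that normally touches one repo is not flagged for touching two).
        threshold = max(repo_floor, repo_multiplier * len(base["repos"]))
        if len(seen["repos"]) > threshold:
            reasons.append(f"{len(seen['repos'])} distinct repos "
                           f"(baseline {len(base['repos'])}, threshold {threshold})")
        new_countries = seen["countries"] - base["countries"]
        if new_countries:
            reasons.append("new source country: " + ", ".join(sorted(new_countries)))
        if tok not in baseline:
            reasons.append("token never seen during baseline window")
        if reasons:
            alerts.append({"hashed_token": tok, "actors": sorted(seen["actors"]), "reasons": reasons})
    return alerts


def split_window(events: list, cutoff: datetime):
    """Events before the cutoff form the baseline; events at or after it are scored."""
    return ([e for e in events if e["ts"] < cutoff],
            [e for e in events if e["ts"] >= cutoff])


def ev(ts, actor, token, repo, country):
    """Build one constructed audit-log-style event (field names are an assumption)."""
    return {"ts": ts, "action": "git.clone", "actor": actor, "hashed_token": token,
            "repo": repo, "actor_location": {"country_code": country}}


T0 = datetime(2025, 3, 1, tzinfo=timezone.utc)
CUTOFF = T0 + timedelta(days=30)
EVENTS = []
# 30 days of normal use: the developer's token touches three repos from Denmark.
for day in range(30):
    for repo in ("example-org/portal", "example-org/api", "example-org/infra"):
        EVENTS.append(ev(T0 + timedelta(days=day), "jdoe", "tok-jdoe-fake", repo, "DK"))
# The CI token builds the same two repos every day, including after the cutoff.
for day in range(32):
    for repo in ("example-org/portal", "example-org/api"):
        EVENTS.append(ev(T0 + timedelta(days=day, hours=3), "ci-bot", "tok-ci-fake", repo, "DK"))
# After the cutoff the developer's token clones 500 repositories from a new country.
for i in range(500):
    EVENTS.append(ev(CUTOFF + timedelta(minutes=i), "jdoe", "tok-jdoe-fake",
                     f"example-org/repo-{i:03d}", "US"))


def run() -> list:
    baseline_events, recent_events = split_window(EVENTS, CUTOFF)
    return detect(profile(baseline_events), recent_events)


if __name__ == "__main__":
    for alert in run():
        print(alert)
```

Keying on the token hash rather than the user name is the point: the compromised token and the legitimate developer share an actor, and only the credential-level view separates the two. The CI token keeps its normal shape in the scored window and stays quiet, which is the false-positive case a rule like this has to get right before anyone will keep it enabled.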
This incident is a reminder that the perimeter has moved. It is no longer at the edge of the network. It exists at the level of the individual token and the specific identity. If you do not manage these identities with the same rigor as your production servers, your defenses are an illusion.
Sources: NIST Cybersecurity Framework, MITRE ATT&CK Framework (Technique T1528: Steal Application Access Token), DataBreaches.net reporting.
Disclaimer: This article is for informational and educational purposes only. It does not replace a professional cybersecurity audit or incident response service.