
Cyber Incident Victim: MSPharma

Date: Apr 2021

Location: Jordan

Summary

A pharmaceutical company operating as MSPharma in Jordan was targeted in a cyberattack claimed by the Avaddon ransomware group, with threat actors leaking files reportedly belonging to its parent entity, United Pharmaceutical Manufacturing Co. In a separate attack, the Sodinokibi (REvil) ransomware group published screenshots of stolen data from Milan-based Mipharm SPA; both incidents appeared on cybercriminal leak sites around the same period. The compromised data from MSPharma included internal company files, though the full impact remains unconfirmed as the victim did not respond to verification attempts at the time of reporting.


Description

On or around April 26, 2021, the Sodinokibi (REvil) cybercriminal group claimed responsibility for a cyberattack targeting Milan-based pharmaceutical company Mipharm SPA. The group published screenshots of data allegedly stolen from the company's servers, demonstrating unauthorized access to internal systems. The publication occurred on the threat actors' dedicated leak site, though the exact date of the initial intrusion was not disclosed in available reports. DataBreaches.net documented this incident, noting Mipharm.it as one of two pharmacological research firms featured on cybercriminal platforms during this period. The attack formed part of REvil's broader ransomware operations, which typically involved data exfiltration followed by extortion threats. No specific details regarding the compromised data types, encryption of systems, or ransom demands were confirmed in the source material.

Concurrently, the Avaddon ransomware group claimed an attack on MSPharma.com, a Jordan-based entity identified through online research as United Pharmaceutical Manufacturing Co. (operating as MSPharma). Archived leak files prominently featured United Pharmaceutical Manufacturing Co.'s branding, suggesting the potential exposure of corporate documents or proprietary information. DataBreaches.net attempted to contact MSPharma to verify the breach but received no response by the article's publication date. The scope of impacted systems, operational disruption, or data categories affected in the MSPharma incident remained unconfirmed. Both attacks exemplified the targeting of pharmaceutical sector entities by prominent ransomware groups during this timeframe, though neither company's containment measures, incident response actions, or ultimate resolution were publicly detailed in the source material.
