Enzene Biosciences, a wholly owned subsidiary of Alkem Laboratories Ltd, experienced a cyberattack targeting its U.S. operations, where threat actors compromised business email accounts of certain employees. The attackers exploited these compromised emails to execute a fraudulent transfer of funds, though the exact financial loss remains under investigation. The incident was disclosed in a regulatory filing on May 15, 2025, with Alkem Laboratories engaging independent cybersecurity firms for a forensic analysis.No theft of intellectual property or clinical data was reported, but the attack highlights risks associated with Business Email Compromise (BEC), a common tactic where trusted communication channels are manipulated to initiate unauthorized transactions. The company emphasized transparency and governance by publicly reporting the breach to stock exchanges (BSE and NSE) and cooperating with regulators. While the full financial and reputational impact is still being assessed, the incident underscores the pharmaceutical industry’s vulnerability to cyber threats, particularly those targeting subsidiaries with weaker security controls.
Source: https://thecyberexpress.com/enzene-biosciences-cyberattack/
Enzene Biosciences Ltd cybersecurity rating report: https://www.rankiteo.com/company/enzene
"id": "ENZ2594225112225",
"linkid": "enzene",
"type": "Cyber Attack",
"date": "5/2025",
"severity": "60",
"impact": "2",
"explanation": "Attack limited on finance or reputation"{'affected_entities': [{'industry': 'Biologics and Biopharmaceutical '
'Manufacturing',
'location': 'United States',
'name': 'Enzene Biosciences Limited',
'type': 'Subsidiary'},
{'industry': 'Pharmaceuticals',
'location': 'India',
'name': 'Alkem Laboratories Ltd',
'type': 'Parent Company'}],
'attack_vector': 'Compromised business email accounts',
'data_breach': {'sensitivity_of_data': 'Moderate (email communications used '
'for fraudulent transactions)',
'type_of_data_compromised': 'Business email communications'},
'date_publicly_disclosed': '2025-05-15',
'description': 'Alkem Laboratories Ltd disclosed that its subsidiary, Enzene '
'Biosciences, experienced a cyberattack targeting its U.S. '
'operations. The incident involved the compromise of business '
'email accounts of certain employees, which were exploited to '
'facilitate an unauthorized financial transaction. The exact '
'financial damage is under investigation. No intellectual '
'property or clinical data was reported stolen, but financial '
'and reputational risks remain a concern.',
'impact': {'brand_reputation_impact': 'High (reputational risk cited as a '
'concern)',
'data_compromised': 'No (no intellectual property or clinical data '
'reported stolen)',
'systems_affected': ['Business email accounts']},
'initial_access_broker': {'entry_point': 'Compromised business email '
'accounts'},
'investigation_status': 'Ongoing (independent cybersecurity firms conducting '
'forensic analysis)',
'lessons_learned': 'The incident highlights the need for stronger '
'cybersecurity reviews across subsidiaries, particularly '
'in high-risk sectors like pharmaceuticals. Business Email '
'Compromise (BEC) attacks remain a significant threat, '
'emphasizing the importance of securing email '
'communications and financial transaction protocols.',
'motivation': 'Financial gain',
'recommendations': ['Enhance email security measures (e.g., multi-factor '
'authentication, phishing training).',
'Implement stricter financial transaction verification '
'processes.',
'Conduct regular cybersecurity audits across all '
'subsidiaries.',
'Improve incident response and communication strategies '
'for transparency.'],
'references': [{'source': 'The Cyber Express'},
{'date_accessed': '2025-05-15',
'source': 'Bombay Stock Exchange (BSE) and National Stock '
'Exchange (NSE) regulatory filing by Alkem '
'Laboratories Ltd'}],
'regulatory_compliance': {'legal_actions': 'Complaints filed with relevant '
'regulatory and governmental '
'bodies',
'regulatory_notifications': ['Bombay Stock Exchange '
'(BSE)',
'National Stock '
'Exchange (NSE)']},
'response': {'communication_strategy': 'Public disclosure to stock exchanges '
'(BSE and NSE) citing transparency and '
'corporate governance',
'incident_response_plan_activated': True,
'law_enforcement_notified': True,
'third_party_assistance': ['Independent cybersecurity firms (for '
'forensic analysis)']},
'stakeholder_advisories': 'Public disclosure to stock exchanges (BSE and NSE) '
'as part of corporate governance.',
'threat_actor': 'Unknown',
'title': 'Cyberattack on Enzene Biosciences Leading to Fraudulent Fund '
'Transfer',
'type': 'Business Email Compromise (BEC)'}