Atos Group Denies Space Bears’ Ransomware Attack Claims

Atos Group has refuted a recent claim by ransomware group Space Bears that the firm’s database had been compromised by the threat actors.

In a statement issued on January 3, the French IT giant said that the allegations made by Space Bears were unfounded.

“No infrastructure managed by Atos was breached, no source code accessed, and no Atos IP or Atos proprietary data exposed,” the statement said.

However, Atos did note that external third-party infrastructure, which is unconnected to Atos, has been compromised by the group.

“This infrastructure contained data mentioning the Atos company name, but is not managed nor secured by Atos,” the firm said.

Space Bears ransomware group claimed to have compromised an Atos database on December 28. However, the firm said no ransomware demand had been made.

The firm’s cybersecurity team quickly moved to investigate the situation.

Space Bears is a relatively new ransomware group, with the leak site having first appeared in April 2024.

According to analysis by Halcyon.ai, Space Bears quickly gained notoriety for its corporate-themed data leak site and strategic affiliations.

The group is aligned with the Phobos ransomware-as-a-service group and notably use double extortion tactics to pressure victims.

Analysis by cybersecurity consultancy S-RM noted that Phobos teams use this leak site to host the stolen data, however, it remains to be seen whether this is now the exclusive data leak site for the Phobos teams’ operation. 

Victims include US telecommunications firm Hytera US, and CORTEX Chiropractic & Clinical Neuroscience, a healthcare provider specializing in chiropractic care.

Atos Group claims to be a “leader in digital transformation” and has 82,000 employees and boasts annual revenue of €10bn ($10.29bn).

Image credit: Pavel Kapysh / Shutterstock.com