- Threat actor claimed to have breached Atos in late December 2024
- The company confirmed the incident involved an “unconnected third-party”
- Adds the threat actors stole documents that “mention” the Atos name
Atos has denied earlier claims of a ransomware attack, noting it was a third party not connected to the company that was actually breached.
In late December 2024, a ransomware actor named Space Bears added Atos to its data leak website, claiming to have compromised an internal company database. However the claims were not backed by concrete evidence, as usual things like ransom demands, or data samples, were missing.
The French IT giant still took the matter seriously, and investigated the allegations, and has now released an update confirming it wasn’t directly breached, but could still feel some consequences of the attack.
Space Bears
“Atos Group today announces that the allegations made by the ransomware group Space Bears of compromising the Atos organization are unfounded,” the announcement reads. “No infrastructure managed by Atos was breached, no source code accessed, and no Atos IP or Atos proprietary data exposed.”
However, the company said external third-party infrastructure, unconnected to Atos, was indeed accessed. “This infrastructure contained data mentioning the Atos company name, but is not managed nor secured by Atos,” the company concluded.
The IT firm also stressed it operates a “global network of more than 6,500 specialized experts and 17 new-generation security operations centers (SOCs) operating 24/7 to ensure the security of the Group and its customers.”
Space Bears is a relatively young ransomware operation, emerging in early 2024. It still managed to add a few high-profile targets to its belt, including Canadian software development company Haylem and two related companies, Un Museau Vaut Mille Mots and Lexibar.
Other December 2024 attacks by the group included Canada’s JRT Automatisation and India’s Aptus.
TechRadar Pro has asked the company for further details last week, but we did not receive an immediate response.
Via The Register