Threat Actor: Space Bears | Space Bears
Victim: Atos | Atos
Key Point :
- Atos claims no internal systems were compromised and that the allegations by Space Bears are unfounded.
- The ransomware group Space Bears has been linked to the Phobos ransomware-as-a-service group.
- Atos is facing financial difficulties and is in negotiations with the French government to sell part of its business.
- The company employs over 6,500 cybersecurity experts and operates 17 security operations centers globally.
- The French government is making efforts to retain control over strategic technology assets amid a budget deficit.
Atos, the struggling French technology company that secures communications for France’s military and intelligence services, on Friday dismissed as “unfounded” a ransomware group’s claims to have compromised an internal company database.
The extortion attempt comes as Atos, which employs around 90,000 people, is in negotiations to sell off its advanced computing division to the French State as the company attempts to restructure and avoid financial collapse.
A ransomware group calling itself Space Bears, which has been in operation since last year, named Atos on its darknet site on December 28 alongside a pledge to publish data pilfered from the company on January 8. There are currently just over 30 extortion victims on the Space Bears darknet site, with the first victim appearing nine months ago.
Atos, which is listed on the Euronext Paris stock exchange, initially responded to the criminals claim by stating it “takes such allegations very seriously” and that its cybersecurity team was “actively investigating the situation.” The company said its “initial analysis shows no evidence of any compromise or ransomware affecting any Atos/Eviden systems in any country, and no ransom demand has been received to-date.”
Following this investigation, Atos announced on Friday: “[T]he allegations made by the ransomware group Space Bears of compromising the Atos organization are unfounded. No infrastructure managed by Atos was breached, no source code accessed, and no Atos IP or Atos proprietary data exposed.”
The company’s statement continued that “external third-party infrastructure, unconnected to Atos, has been compromised by the group Space Bears. This infrastructure contained data mentioning the Atos company name, but is not managed nor secured by Atos.”
It stressed that it employs a “global network of more than 6,500 specialized experts” and runs “17 new-generation security operations centers (SOCs) operating 24/7 to ensure the security of the Group and its customers.”
Atos recorded revenues of just over €10 billion ($10.28 billion) in 2023. The company — which is set to bring in its sixth chief executive officer in less than two years in February — was described as “struggling” by Reuters in October, when it reported a 4.4% drop in third-quarter revenue.
As reported by Reuters, the French government — which the news agency reported contracts the company for its military and secret services — is making a “concerted effort to retain control over strategic technology assets within the country.”
However the move to acquire part of Atos is facing challenges from the government’s budget deficit, exacerbated by an ongoing political crisis that has seen France’s credit rating downgraded following the appointment of François Bayrou as Prime Minister in December.
Consultancy S-RM has linked Space Bears to the Phobos ransomware-as-a-service group. Researchers observed a drop in attacks by affiliates of that group last year, before the U.S. Department of Justice announced that its alleged administrator, Russian national Evgenii Ptitsyn, 42, had been arrested in South Korea and extradited to the United States. Ptitsyn appeared in court in Maryland in November, charged in a 13-count indictment, and faces decades in prison if convicted.
Recorded Future
Intelligence Cloud.
Source: https://therecord.media/atos-dismisses-ransomware-claims