Atos investigating Space Bears hacking group’s cyber attack claims
French technology giant Atos said it is investigating claims of a network intrusion after a hacker group claimed that it infiltrated the company’s internal network and stole confidential corporate data.
Recently, a group of threat actors going by the name “Space Bears” claimed that it hacked into the network of Atos and listed the company as a victim on its data leak site. The group said it gave Atos a deadline of January 7 to pay a ransom, failing which the stolen data will be published online.
🚨🚨🚨Cyberattack Alert ‼️
🇫🇷France - Atos
Space Bears ransomware group claims to have breached Atos.
Ransom deadline: 07th Jan 25. pic.twitter.com/neBpEiWrIP
Acknowledging the group’s claims, Atos said in a statement on its website that it is in the process of investigating the hackers’ claims.
“On December 28, 2024, the Space Bears ransomware group claimed to have compromised an Atos database. At this stage, the initial analysis shows no evidence of any compromise or ransomware affecting any Atos/Eviden systems in any country, and no ransom demand has been received to-date,” Atos said.
“Nevertheless, Atos takes such allegations very seriously. Its cybersecurity team is actively investigating the situation and updates will be provided if there is any change to the information above,” it added.
In March, the Clop ransomware group also claimed that it infiltrated Atos’ internal network, stole confidential data and injected malware into the latters’ systems. Atos refuted the group’s claim at that time, stating that its systems were safe and weren’t infected by malware.
“On March 24, the hacker Group “Cl0p” announced on the Dark Net that sensitive Atos data has been compromised. We want to reassure our clients, suppliers and employees that this is not the case. No ransomware has affected any Atos IT system.
“Our security experts have already concluded that no Atos IT environment has been compromised. The presumed leak is limited to a specific Nimbix file transfer application hosted on GoAnywhere MFT. According to our current investigation, we found that it was only processing standard data from Nimbix, a US company acquired by Atos in 2021.
“Our cybersecurity team has identified a backup folder from 2016 that was presumably exposed, due to a zero-day vulnerability known to be exploited by Cl0p. We are in contact with the clients concerned,” the company said.
Most Viewed
New rules, rising threats: why lean IT teams must rethink cyber-securitySponsored by CORO CYBER SECURITY
Don’t allow AI experiments to become quiet business risksSponsored by alice.io
The Expert View: Reducing cyber-risk across OT and critical infrastructureSponsored by Claroty
The Expert View: Transforming security through risk intelligenceSponsored by Obrela
Winston House, 3rd Floor, Units 306-309, 2-4 Dollis Park, London, N3 1HF
23-29 Hendon Lane, London, N3 1RT
020 8349 4363
© 2025, Lyonsdown Limited. teiss® is a registered trademark of Lyonsdown Ltd. VAT registration number: 830519543