French IT services and consulting company Atos has rejected allegations from ransomware group Space Bears claiming its systems were compromised. However, further details provided by Atos have shifted focus to the breach’s connection with external third-party infrastructure, raising questions about broader cybersecurity challenges.
The allegations surfaced on 28 December 2024, when Space Bears added Atos to its leak site, claiming to have accessed sensitive data. The group issued a deadline of 7 January 2025 for the company to pay a ransom to prevent the release of the purported data. In its initial response, Atos indicated that its internal investigation found no evidence of any compromise or ransomware affecting Atos/Eviden systems in any country, and no ransom demand had been received to date.
Space Bears, active since April 2024, is known for using double extortion tactics. This involves stealing sensitive data to pressure victims into making payments and threatening to release the information publicly if demands are not met. Since its emergence, the group has listed 45 organisations on its leak site, spanning industries such as healthcare, automotive, telecommunications, technology, aerospace, and aviation.
Atos later clarified that the breach was not linked to its own systems but to external third-party infrastructure. The affected system, according to Atos, contained data referencing the company but was neither managed nor secured by it.
“Atos understands that external third-party infrastructure, unconnected to Atos, has been compromised by the group Space Bears,” the company stated. “This infrastructure contained data mentioning the Atos company name, but is not managed nor secured by Atos.”
The company reiterated that its systems remained secure and unaffected. Atos pointed to its global cybersecurity capabilities, which include 17 next-generation security operations centres and over 6,500 specialists, as integral to its efforts to safeguard client data and infrastructure integrity.
Previous cybersecurity incidents of Atos
Atos has a history of encountering cyber incidents. In March 2023, the Cl0p ransomware group exploited a zero-day vulnerability in the GoAnywhere MFT file transfer application used by Nimbix, a US-based high-performance computing (HPC) cloud platform provider acquired by Atos in 2021. The breach exposed a backup folder containing data from 2016 but did not compromise Atos’s internal IT systems. The company clarified that the incident was limited to Nimbix data and did not extend to its broader infrastructure.
Earlier, in 2018, Atos was linked to an attempted cyberattack during its role as IT service provider for the Pyeongchang Winter Olympics. Hackers reportedly deployed the “Olympic Destroyer” malware to target systems months before the event. While Atos investigated a potential breach, it remained unclear whether its systems had been directly affected or if the attack was part of a wider reconnaissance effort targeting Olympic operations.
Read more: French parliamentary committee calls for Atos nationalisation
