French govt contractor Atos denies Space Bears ransomware attack claims

​French tech giant Atos, which secures communications for the country's military and secret services, has denied claims made by the Space Bears ransomware gang that they compromised one of its databases.

Atos, which has approximately 82,000 employees and an annual revenue of around €10 billion, describes itself as Europe's leading cybersecurity, cloud, and high-performance computing company. 

The company is listed on the Euronext Paris stock exchange and has over 1,200 clients from 70 countries. In November, the French State offered to acquire its Advanced Computing unit for an enterprise value of €500 million and up to €625 million, including earn-outs.

Today's statement comes after the Space Bears cybercrime group claimed on December 28th that it breached Atos' network and stole a company database, which will be published on its dark web leak site next Wednesday.

Space Bears is a relatively new operation that emerged in April 2024. The threat actors use double extortion tactics, stealing sensitive data from victims to pressure them into paying a ransom and threatening to leak the stolen information online if they refuse to pay.

Since April 5th, they've added 45 victims from all over the world and various industry sectors (including healthcare, technology, automotive, telecommunications, aerospace, and aviation) to their leak blog to coerce them into paying ransom demands.

Atos entry on Space Bears's leak blog (BleepingComputer)

​On December 29th, Atos said that initial analysis showed "no evidence of any compromise or ransomware affecting any Atos/Eviden systems in any country" and that the company had received no ransom demand.

When BleepingComputer asked for more details about Space Bears' claims, a spokesperson said updates would be published in the Atos newsroom. Today, the spokesperson told BleepingComputer that the ransomware group's claims of "compromising the Atos organization" are unfounded.

In a new statement issued on Friday, the company added that "no infrastructure managed by Atos was breached, no source code accessed, and no Atos IP or Atos proprietary data exposed."

Atos said that the Space Bears threat actors instead breached unconnected "external third-party infrastructure," which, although stored data mentioning the company's name, was not managed or secured by Atos.

"Atos has a global network of more than 6,500 specialized experts and 17 new-generation security operations centers (SOCs) operating 24/7 to ensure the security of the Group and its customers," the company added today.