Atos denies Space Bears' ransomware claims – with a 'but'

Points finger at third-party infrastructure being breached


French tech giant Atos today denied that Space Bears criminals breached its systems - but noted that third-party infrastructure was compromised by the ransomware crew, and that files accessed by the crooks included "data mentioning the Atos company name."

The struggling French IT biz, which provides supercomputing, comms, and cloud services, called Space Bears' claims of an Atos digital intrusion "unfounded" in a January 3 statement.

"No infrastructure managed by Atos was breached, no source code accessed, and no Atos IP or Atos proprietary data exposed," it said.

But then, later in the statement, Atos did admit there may be a sliver of truth to Space Bears' boasts.

On December 28, the ransomware gang added Atos to its leak site and posted a January 7 ransomware deadline for the firm to pay up or see its data dumped.

A day later, Atos acknowledged the criminals' claims, but said its initial analysis "shows no evidence of any compromise or ransomware affecting any Atos/Eviden systems in any country, and no ransom demand has been received to-date."

Today, the French firm added a new advisory, saying it had not been compromised by Space Bears. However, this next part of the statement gives us pause: 

Atos understands that external third-party infrastructure, unconnected to Atos, has been compromised by the group Space Bears. This infrastructure contained data mentioning the Atos company name, but is not managed nor secured by Atos.

Atos did not immediately respond to The Register's questions, including who owns the third-party infrastructure, whether they are an Atos supplier, and whether the data with the Atos name includes customers' information.

We will update this story if and when we hear back from Atos.

The IT outfit's statement noted that it has a "global network of more than 6,500 specialized experts and 17 new-generation security operations centers (SOCs) operating 24/7 to ensure the security of the Group and its customers." We assume this is to reinforce the not-our-data-not-our-security-breach messaging.

The French government has been attempting to buy parts of Atos' business for months in an attempt to keep the company's IT services out of foreign ownership and also return the company to profitability. 

Most recently, the biz entered into negotiations with the government after receiving a non-binding offer to buy its advanced computing activities for between €500 million ($515 million) and €625 million ($644 million).

In March 2023, the Cl0p ransomware crew claimed to have stolen Atos' data. The company again denied the compromise - with a but. It blamed the leak on Nimbix, a US firm acquired by Atos, and a file transfer app hosted on GoAnywhere MFT.

"Our cybersecurity team has identified a backup folder from 2016 that was presumably exposed, due to a zero-day vulnerability known to be exploited by Cl0p," Atos said at the time. "We are in contact with the clients concerned."

Updated to add at 15:50 UTC on January 6, 2025

Atos declined to name the third party involved in the breach, but reiterated that “no Atos IP or Atos proprietary data” was exposed.

“Atos values the confidentiality of its business relationships and will not disclose this information. It is up to the third party to disclose information or not,” an Atos spokesperson said in a January 6 email. “The third party is NOT involved, directly or indirectly, in the provision of Atos services to our customers.”

When asked about the compromised data, including the company name, the spokesperson told The Register that it was all either publicly available info “or technical data which contain no sensitive data.”
