French tech giant Atos has played down claims that threat actors have compromised a database, revealing it hasn't received a ransom demand.
In a statement, the company said it was made aware of the claims by the Space bears ransomware group on 28 December, and has launched a probe into the matter.
"At this stage, the initial analysis shows no evidence of any compromise or ransomware affecting any Atos/Eviden systems in any country, and no ransom demand has been received to-date," the firm said in a statement.
"Nevertheless, Atos takes such allegations very seriously. Its cybersecurity team is actively investigating the situation and updates will be provided if there is any change to the information above."
Space Bears is a relatively new ransomware group, having emerged in April last year. Its techniques include direct extortion, double extortion, and free data leaks.
It's aligned with the Phobos Ransomware as a Service (RaaS) group and operates data leak sites on both the onion network and clearnet, where it hosts stolen data and threatens to release it unless its demands are met.
"Additionally, Space Bears employs a unique corporate theme in their operations, using corporate stock images and a "wall of shame" to publicly disgrace victims, adding another layer of pressure and reputational risk," warned anti-ransomware software provider Halcyon.ai in a report.
"The sophisticated and polished online presence of Space Bears, combined with their ties to the Phobos group, suggests a high level of organization and potentially significant financial backing, possibly indicating a well-coordinated international cyber criminal network."
The group has already claimed attacks against at least 34 victims, including Canadian control panel manufacturing and automation company JRT Automatisation, Indian home loan provider Aptus, and Canadian software development firm Haylem.
It also previously attacked Hytera US, a provider of professional communications technologies, disrupting operations and causing data loss, leading to significant financial implications for the company.
One of France's biggest IT companies, Atos specializes in cybersecurity, cloud computing, and digital transformation, and has an annual revenue of around $10.4 billion.
After a number of takeover attempts by private firms, it is currently in negotiations with the French government over a purchase of its advanced computing activities for €500 million.
And this isn't the first time it's been hacked.
Back in 2018, the Winter Olympic Games in Pyeongchang, South Korea, were targeted by malware known as Olympic Destroyer, which reportedly included code containing Atos employee credentials - indicating that the attackers may have penetrated an Atos network the previous year.
More recently, in 2023, there was a minor incident in which a backup folder from 2016 was exposed due to a zero-day vulnerability known to be exploited by the Cl0p ransomware group.
No Atos IT environment was compromised, the firm said at the time, and no ransomware demand was received.
