Space Bears ransomware claims Comcast data breach via contractor Quasar Inc.

The ransomware group Space Bears is claiming to have obtained internal Comcast materials by exploiting a breach at Quasar Inc., a telecommunications engineering contractor. These claims were published on the group's dark web leak site, which also lists Quasar as an independent victim, suggesting two connected incidents rather than a single breach, with further coverage provided by HackRead.

Space Bears, which emerged in April 2024 and is linked to the Phobos ransomware-as-a-service program, alleges that Quasar Inc. produced technical documentation for Comcast's Genesis program, creating an entry point. The group claims the compromised files include city design documentation and detailed utility plans for multiple locations. A six-day timer has been set for the potential public release or sale of this data. Separately, Space Bears also claimed to have obtained network project documents, city drawings, and internal materials from Quasar Inc., setting a four-day countdown for that data. Comcast, due to its size, is a frequent target for extortion groups, having faced previous claims from Medusa and data exposures linked to vendor incidents.

This incident highlights the significant risks associated with third-party vendor breaches, where a contractor's security lapse can lead to the compromise of a larger entity's sensitive data. The ongoing targeting of major telecommunications companies like Comcast also points to the increasing value of infrastructure-related data for cybercriminals.

Source: HackRead