Space Bears ransomware group is claiming that it obtained internal Comcast material by exploiting a breach at Quasar Inc., a telecommunications engineering contractor based in Georgia.
The claims were published on the group’s dark web leak site. The same leak site also lists Quasar as an independent victim, which indicates the group is presenting two connected incidents rather than a single combined breach.
Who is Space Bears Ransowmare Group
Space Bears appeared in April 2024. Analysts describe the group as a data theft and extortion operation that sometimes applies encryption but often focuses on obtaining sensitive files, removing them from victim networks and demanding payment to suppress publication.
Several research teams link the group to the Phobos ransomware as a service program (RaaS), and the Space Bears leak site is believed to function as a shared publishing point for activity related to that infrastructure.
Claims involving Comcast
In its post referencing Comcast published earlier today, the group says that the information it is holding originated from Quasar Inc. Space Bears states that Quasar produces technical documentation for Comcast and the Genesis program, and that this created an entry point for the material now in its possession. According to the group, the files include city design documentation and detailed utility plans for multiple locations.
Space Bears has set a 6-day timer before it intends to release the material publicly. During that per
Source: https://hackread.com/space-bears-ransomware-comcast-quasar-breach/
Business Technology Solutions cybersecurity rating report: https://www.rankiteo.com/company/bts-solutions
"id": "BTS1765202210",
"linkid": "bts-solutions",
"type": "Ransomware",
"date": "12/2025",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"{'incident': {'affected_entities': [{'customers_affected': None,
'industry': 'Telecommunications',
'location': None,
'name': 'Comcast',
'size': None,
'type': 'Corporation'},
{'customers_affected': None,
'industry': 'Telecommunications '
'Engineering',
'location': 'Georgia',
'name': 'Quasar Inc.',
'size': None,
'type': 'Contractor'}],
'attack_vector': 'Third-party contractor breach',
'data_breach': {'data_encryption': None,
'data_exfiltration': 'Yes',
'file_types_exposed': None,
'number_of_records_exposed': None,
'personally_identifiable_information': None,
'sensitivity_of_data': 'High',
'type_of_data_compromised': 'Technical '
'documentation, city '
'design '
'documentation, '
'utility plans'},
'description': 'Space Bears ransomware group claims to have '
'obtained internal Comcast material by exploiting '
'a breach at Quasar Inc., a telecommunications '
'engineering contractor. The group published the '
'claims on its dark web leak site, listing Quasar '
'as an independent victim as well. The stolen '
'files include city design documentation and '
'detailed utility plans for multiple locations.',
'impact': {'brand_reputation_impact': None,
'conversion_rate_impact': None,
'customer_complaints': None,
'data_compromised': 'City design documentation and '
'detailed utility plans',
'downtime': None,
'financial_loss': None,
'identity_theft_risk': None,
'legal_liabilities': None,
'operational_impact': None,
'payment_information_risk': None,
'revenue_loss': None,
'systems_affected': None},
'initial_access_broker': {'backdoors_established': None,
'data_sold_on_dark_web': None,
'entry_point': 'Quasar Inc. '
'(third-party '
'contractor)',
'high_value_targets': 'Comcast '
'technical '
'documentation '
'and utility '
'plans',
'reconnaissance_period': None},
'motivation': 'Data theft and extortion',
'post_incident_analysis': {'corrective_actions': None,
'root_causes': None},
'ransomware': {'data_encryption': 'Sometimes applied',
'data_exfiltration': 'Yes',
'ransom_demanded': None,
'ransom_paid': None,
'ransomware_strain': 'Linked to Phobos RaaS'},
'references': [{'date_accessed': None,
'source': 'Space Bears dark web leak site',
'url': None}],
'regulatory_compliance': {'fines_imposed': None,
'legal_actions': None,
'regulations_violated': None,
'regulatory_notifications': None},
'response': {'adaptive_behavioral_waf': None,
'communication_strategy': None,
'containment_measures': None,
'enhanced_monitoring': None,
'incident_response_plan_activated': None,
'law_enforcement_notified': None,
'network_segmentation': None,
'on_demand_scrubbing_services': None,
'recovery_measures': None,
'remediation_measures': None,
'third_party_assistance': None},
'threat_actor': 'Space Bears Ransomware Group',
'title': 'Space Bears Ransomware Group Claims Breach of Comcast '
'via Quasar Inc.',
'type': 'Ransomware'}}