**Space Bears Ransomware Group Claims Breach of Comcast via Quasar Inc. Contractor**
The ransomware group Space Bears, which surfaced in April 2024 and is affiliated with the Phobos ransomware-as-a-service (RaaS) operation, has claimed responsibility for obtaining internal Comcast materials through a breach at Quasar Inc., a telecommunications engineering contractor. The group posted its claims on a dark web leak site, listing Quasar as a separate victim, indicating two interconnected incidents rather than a single breach.
According to Space Bears, Quasar produced technical documentation for Comcast’s Genesis program, which the group exploited to access sensitive files. The compromised data allegedly includes city design documentation and utility plans for multiple locations, with a six-day countdown set for potential public release or sale. Additionally, the group claims to have exfiltrated network project documents, city drawings, and internal materials from Quasar itself, with a four-day deadline for that dataset.
Comcast, a frequent target for extortion groups, has faced prior incidents, including claims from Medusa and previous vendor-related data exposures. This latest breach underscores the growing risks of third-party vendor compromises, where a contractor’s security failure can expose a larger organization’s sensitive infrastructure data. The incident also reflects the escalating value of telecommunications and utility-related data for cybercriminals.
pureIntegration cybersecurity rating report: https://www.rankiteo.com/company/pureintegration
"id": "PUR1765325019",
"linkid": "pureintegration",
"type": "Ransomware",
"date": "12/2025",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"{'affected_entities': [{'industry': 'Telecommunications',
'name': 'Comcast',
'size': 'Large',
'type': 'Corporation'},
{'industry': 'Telecommunications Engineering',
'name': 'Quasar Inc.',
'type': 'Contractor'}],
'attack_vector': 'Third-party vendor breach',
'data_breach': {'data_exfiltration': 'Yes',
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Technical documentation',
'City design documentation',
'Utility plans',
'Network project documents',
'City drawings',
'Internal materials']},
'description': 'The ransomware group Space Bears claims to have obtained '
'internal Comcast materials by exploiting a breach at Quasar '
'Inc., a telecommunications engineering contractor. The group '
'alleges the compromised files include city design '
'documentation and detailed utility plans for multiple '
'locations. Separately, Space Bears also claimed to have '
'obtained network project documents, city drawings, and '
'internal materials from Quasar Inc.',
'impact': {'brand_reputation_impact': 'Potential reputational damage due to '
'exposure of sensitive infrastructure '
'data',
'data_compromised': 'City design documentation, detailed utility '
'plans, network project documents, city '
'drawings, internal materials'},
'initial_access_broker': {'data_sold_on_dark_web': 'Potential (timer set for '
'public release or sale)',
'entry_point': 'Quasar Inc. (telecommunications '
'engineering contractor)',
'high_value_targets': "Comcast's Genesis program, "
'infrastructure-related data'},
'lessons_learned': 'Significant risks associated with third-party vendor '
"breaches, where a contractor's security lapse can lead to "
"the compromise of a larger entity's sensitive data. "
'Highlights the increasing value of infrastructure-related '
'data for cybercriminals.',
'motivation': 'Extortion',
'post_incident_analysis': {'root_causes': 'Third-party vendor breach (Quasar '
'Inc.)'},
'ransomware': {'data_exfiltration': 'Yes',
'ransomware_strain': 'Phobos (Ransomware-as-a-Service)'},
'references': [{'source': 'HackRead'}],
'threat_actor': 'Space Bears',
'title': 'Space Bears Ransomware Group Claims Breach of Comcast via Quasar '
'Inc.',
'type': 'Ransomware'}