An advanced ransomware gang labeled as “Space Bears” has claimed responsibility for stealing crucial proprietary details owned by global telecommunications firm Comcast. The hacker made this claim on their dark web leak website, noting that Space Bears reportedly accessed Comcast’s network via a third-party vendor’s platform.
Notably, this incident underscores the serious and growing risk introduced by weaknesses in supply chain companies, as the security of many massive corporations greatly depends on the strength of their smaller parties.
This isn’t an isolated strategy. The same method of targeting a major corporation through its vendors was used recently when the RansomHouse gang breached the Italian textile giant Fulgar via a similar supply-chain weakness, exposing sensitive data on the dark web.
Independent investigations of the looted documents reportedly include the city design and the comprehensive utility plan. Thus, this latest hack might be a notable cybersecurity issue for the telecommunications giant.
The Space Bears Ransomware Gang
The Space Bears gang first appeared last year and quickly became notorious for its link to the Phobos Ransomware-as-a-Service (RaaS) operation. The group specializes in data extortion and exfiltration, often bypassing traditional encryption and focusing on stealing critical documents.
After taking the data, they demand payment to stop the stolen files from being published. According to the recent report, the group’s latest attack on Comcast appears to be a supply chain breach.
As stated on Space Bears’ leak site, the group was able to access and steal the data because Quasar Inc. handles the technical documentation for both Comcast and its Genesis project.
It is worth noting that Quasar Inc. is an independent telecommunications engineering company that facilitates sensitive operations like GIS-based project design, network architecture planning, permitting, and field documentation.
Due to the firm’s direct association in both planning and designing of infrastructure for Comcast’s overall networks, this means that the firm managed the specific kind of internal, extremely sensitive schematics that competitors and threat actors would greatly value.
Notably, the hacker group particularly alleges that the documents they had exfiltrated comprise “Comcast’s design documentation for various cities and comprehensive utility plans.”
Comcast’s Persistent Threat Landscape and Extortion Plans
This recent hack against Comcast emerges from Space Bears’ aggressive extortion techniques. As stated earlier, the ransomware gang has set a six-day countdown before publishing the exfiltrated Comcast documents to the darknet or selling them to malicious actors.
The attackers use a time-limited threat to pressure the firm into quickly paying the ransom to stop the exposure of sensitive files.
In addition to its nefarious actions, the Space Bears group is also advertising access to the stolen data for buyers on the darknet. Although Comcast did respond, it appears the group will monetize this theft. The implication is that the main purpose of this group was to make money for themselves through the theft of the data itself.
A noteworthy aspect of this story is how this situation has brought Comcast back into the Cyber News arena after being the target of many well-known cyber attacks. This pattern of major institutions facing data leaks was recently seen in the breach of France’s Sorbonne University.
Medusa, another ransomware group, targeted Comcast in September 2025, during which they stole 834 GB of internal documents from Comcast. The hackers demanded Comcast pay $1.2 million in ransom for the return of the stolen information; however, when Comcast refused the ransom demand, Medusa released the documents the following month.
