Space Bears Ransomware Claims Comcast Data Theft Through QuasarBreach

Space Bears ransomware group is claiming that it obtained internal Comcast material by exploiting a breach at Quasar Inc., a telecommunications engineering contractor based in Georgia.

The claims were published on the group’s dark web leak site. The same leak site also lists Quasar as an independent victim, which indicates the group is presenting two connected incidents rather than a single combined breach.

****Who is Space Bears Ransowmare Group****

Space Bears appeared in April 2024. Analysts describe the group as a data theft and extortion operation that sometimes applies encryption but often focuses on obtaining sensitive files, removing them from victim networks and demanding payment to suppress publication.

Several research teams link the group to the Phobos ransomware as a service program (RaaS), and the Space Bears leak site is believed to function as a shared publishing point for activity related to that infrastructure.

****Claims involving Comcast****

In its post referencing Comcast published earlier today, the group says that the information it is holding originated from Quasar Inc. Space Bears states that Quasar produces technical documentation for Comcast and the Genesis program, and that this created an entry point for the material now in its possession. According to the group, the files include city design documentation and detailed utility plans for multiple locations.

Space Bears has set a 6-day timer before it intends to release the material publicly. During that period, it is offering the data for purchase. The group has not provided examples of the alleged Comcast-related files, so independent verification is not possible at this stage.

“The leak was made possible by Quasar Inc., a company that prepares technical documentation for Comсast and its Genesis project. The files contain design documentation for numerous cities, as well as detailed utility plans,” the group said.

Comcast listing on the Space Bears’ dark web leak site (Image credit: Hackread.com)

****Claims involving Quasar Inc.

Quasar Inc. appeared on the Space Bears leak site in a separate post dated 4 December 2025. In that entry, Space Bears claims it obtained documents tied to network projects, city drawings, communication layouts and additional internal material. A four-day countdown is active for the Quasar leak as well, with the group also advertising data access for buyers.

Quasar describes itself as a firm that designs and implements telecommunications networks. Public information lists work related to network architecture planning, GIS-based project design, field documentation, permitting and various forms of technical support. The company’s headquarters address is located in Woodstock, Georgia, and its site states that it carries out work across multiple regions.

Quasar Inc.’s listing on the Space Bears’ dark web leak site (Image credit: Hackread.com)

****Comcast Again****

Comcast continues to attract high interest from extortion groups due to its size and the volume of sensitive information routed through its services. In September 2025, Medusa claimed to have removed 834 gigabytes of internal material from Comcast and asked for a payment of $1.2 million.

The group later released the entire data set in October after no settlement was reached. In 2025, more than two hundred thousand Comcast user credentials appeared on dark web platforms.

In 2023, Xfinity, which is owned by Comcast, experienced a breach linked to a Citrix product flaw that resulted in the exposure of more than 35 million accounts. In November 2025, Comcast received a penalty of one point five million dollars related to another vendor incident.

Hackread.com has contacted Comcast and Quasar Inc. for comment. Responses will be added if provided.