The Space Bears ransomware group has announced that it has acquired internal documents from Comcast by taking advantage of a breach at Quasar Inc., a telecommunications engineering firm located in Georgia. This information surfaced on the group’s dark web leak site, which notably lists Quasar as a separate victim, suggesting the existence of two interconnected breaches rather than a singular incident.
Understanding the Space Bears Ransomware Group
Emerging in April 2024, Space Bears is characterized by analysts as a data theft and extortion operation. While the group occasionally utilizes encryption, its primary focus often revolves around extracting sensitive information, removing it from victims’ networks, and demanding payment to avoid public release. Some research teams connect Space Bears to the Phobos ransomware-as-a-service (RaaS) model, with its leak site serving as a platform for disseminating related activities.
Accusations Related to Comcast
In a recent post about Comcast, Space Bears claims that the acquired data originates from Quasar Inc., which is responsible for producing technical documentation for Comcast’s Genesis program. According to the group, the leaked files contain city design documents and comprehensive utility plans for various locations. To create urgency, Space Bears has set a six-day countdown before intending to publicly release the material. During this timeframe, the group is offering the data for purchase, but has yet to provide evidence of the purported Comcast-related files, limiting independent verification possibilities.
The group stated, “The leak was made possible by Quasar Inc., a company that prepares technical documentation for Comcast and its Genesis project. The files contain design documentation for numerous cities, as well as detailed utility plans.”
Specifics About Quasar Inc.
On December 4, 2025, Quasar Inc. was detailed in a distinct post on the Space Bears leak site. In this entry, the group claims to have procured documents related to network projects, urban schematics, communication designs, and other internal materials. A countdown similar to the one for Comcast’s documents has been initiated for data related to Quasar, with the group also promoting access for potential buyers.
Quasar Inc. positions itself as a designer and implementer of telecommunications networks, focusing on network architecture planning, GIS-based project design, field documentation, permitting, and various forms of technical assistance. It operates from its headquarters in Woodstock, Georgia, and services multiple regions.
Comcast Under Threat Again
Comcast has consistently attracted the attention of extortion groups, primarily due to its significant size and the volume of sensitive data processed through its services. In September 2025, another group, Medusa, claimed to have extracted 834 gigabytes of internal data from Comcast, demanding a ransom of $1.2 million. Following the absence of a settlement, the entire dataset was released in October. Additionally, over 200,000 Comcast user credentials surfaced on dark web platforms in 2025.
Furthermore, in 2023, Xfinity, a subsidiary of Comcast, faced a breach associated with a Citrix product vulnerability that led to the exposure of more than 35 million accounts. In November 2025, Comcast incurred a $1.5 million penalty due to another vendor-related data breach.
Hackread.com has reached out to both Comcast and Quasar Inc. for comments and will update the story upon receiving a response.
