Cyber Incident Victim: Atos
Date: Mar 2023
Location: United States of America
Summary
An IT services company confirmed a hacking group's claim of compromised sensitive data was unfounded, with no ransomware infection or breach of its internal systems. Investigations revealed limited exposure through a third-party file transfer application hosting certain operational data, stemming from a known vulnerability exploited by the attackers; a historical backup repository was potentially accessed, prompting direct communication with impacted stakeholders. The firm maintained continuous monitoring without evidence of broader system compromise.
Description
On March 24, 2023, the Cl0p hacking group publicly claimed on the Dark Net to have compromised sensitive data belonging to Atos, a global IT services company. Atos responded the same day with a security statement refuting the group’s assertions, explicitly denying that any ransomware had affected its IT systems or that its broader IT environments had been breached. According to the company, forensic analysis by its internal cybersecurity experts confirmed no unauthorized access to core Atos infrastructure. The incident was instead attributed to the exploitation of a zero-day vulnerability in a specific file transfer application: a Nimbix-branded service hosted on GoAnywhere MFT, a Managed File Transfer platform. Atos stated this exposed system was isolated from its primary networks and contained only standard operational data from Nimbix, a U.S.-based cloud computing firm acquired by Atos in 2021. The compromised data originated from a backup folder dated 2016, suggesting historical rather than current operational information was affected.

The investigation revealed Cl0p leveraged the GoAnywhere MFT vulnerability—a previously unknown flaw publicly linked to the group—to access the Nimbix application. Atos emphasized that the breach scope was confined to this standalone system, with no evidence of lateral movement into other company assets. While the exact nature of the exposed “standard data” was not detailed, Atos initiated direct communications with clients potentially impacted by the leak. The company maintained continuous monitoring for further anomalies and committed to providing updates should new evidence contradict its initial findings. Atos framed its response as proactive and contained, underscoring the absence of operational disruption or ransomware deployment despite Cl0p’s claims. No additional technical specifics regarding data volume, client categories, or forensic methodologies were disclosed in the statement.
