Vertel

Summary

Vertel, a Sydney-based managed services provider (MSP), suffered a supply chain ransomware attack by the Space Bears gang in June 2025. The attackers claimed to have exfiltrated SQL databases, client personal information, and financial documents, threatening to publish the data by the end of June. As an MSP serving government and critical infrastructure clients including Airservices Australia, NSW Government, NSW Ambulance, and Icon Water, the breach creates significant downstream risk for all organisations relying on Vertel's services.

What Happened

On 13 June 2025, Vertel detected a cybersecurity incident and immediately commenced response procedures. The Space Bears ransomware operation listed Vertel on its darknet leak site, claiming to have stolen data including SQL databases, client personal information, and financial documents. The leak site listing was viewed more than 1,300 times, indicating high interest in the compromised data.

This is a supply chain attack - the breach of Vertel as an MSP creates cascading risk for all its clients. Managed service providers typically have privileged access to client networks, systems, and data, meaning a breach at the MSP level can expose sensitive information from multiple downstream organisations. Space Bears specifically targeted Vertel's role as a trusted technology supplier to extract data about Vertel's clients across the public and private sectors.

Vertel engaged external cybersecurity experts at CyberCX and incident response firm Atmos to investigate the nature and extent of the breach and determine what data was accessed or stolen. The company worked with relevant government authorities throughout the incident response.

Impact on Individuals

The full impact remains under investigation, but the breach potentially affects individuals associated with Vertel's diverse client base across government and private sectors. Known clients at risk include:

• Airservices Australia - critical aviation infrastructure
• NSW Government - state government services
• NSW Ambulance - emergency health services
• Icon Water - ACT water and sewerage services

As an MSP, Vertel provides network solutions, communications, cloud computing, SaaS, and security services to these organisations, meaning the attackers may have accessed not only Vertel's internal data but also information about client systems, configurations, and potentially client data stored or managed by Vertel.

The attackers claimed to have exfiltrated client personal information and financial documents, though the exact scope and nature of compromised data was still being investigated at the time of disclosure. Affected individuals may include employees, customers, or service users of Vertel's client organisations.

Organisational Response

Vertel confirmed the incident and immediately engaged expert cybersecurity assistance from CyberCX and Atmos. The company launched an investigation to understand the scope of the breach and contacted relevant government authorities. Vertel stated it would directly notify any impacted customers as the investigation progressed.

Despite the cybersecurity incident, Vertel maintained its ability to provide services to customers and clients without disruption, suggesting the attackers focused on data exfiltration rather than system destruction. The company established a dedicated email contact ([email protected]) for incident-related inquiries.

This incident highlights the heightened risk associated with managed service provider breaches. A single MSP compromise can expose dozens of dependent clients, making such attacks particularly attractive to ransomware groups. Space Bears, a relatively new ransomware operation first appearing in April 2024, had accumulated 73 victims by mid-2025, using sophisticated techniques including memory-resident loaders and Base64 obfuscation to evade detection.