European space agency confirms 'external servers' breached in cyberattack

News
By published

ESA is investigating the extent of the breach

Person with warning notification and spam message icon on mobile phone
(Image credit: Shutterstock)
  • ESA confirmed cyberattack affecting external servers used for collaborative engineering activities
  • Hacker “888” claims theft of 200 GB data, including source code, tokens, and configs
  • Incident follows last year’s ESA web shop breach involving a credit card skimmer

The European Space Agency (ESA) was hit with a cyberattack earlier this week and apparently lost sensitive data in the process. The agency confirmed the news on X, saying it is currently investigating the incident:

“ESA is aware of a recent cybersecurity issue involving servers located outside the ESA corporate network,” the tweet reads. “We have initiated a forensic security analysis—currently in progress—and implemented measures to secure any potentially affected devices.”

The agency stressed that the compromised servers were “outside the ESA corporate network”, suggesting that they contained data that cannot be labeled as highly sensitive.

“Our analysis so far indicates that only a very small number of external servers may have been impacted,” the tweet further explains. “These servers support unclassified collaborative engineering activities within the scientific community. All relevant stakeholders have been informed, and we will provide further updates as soon as additional information becomes available.”

200 GB worth of data

At the same time, Security Week reports that a cybercriminal with the alias ‘888’ posted a new thread on the infamous BreachForums website, taking responsibility for the breach which, they say, happened on December 18.

As per the announcement, ESA lost 200 GB worth of data, including some from private Bitbucket repositories. In its report, CyberInsider lists these types of files as being nabbed:

  • Source code from private Bitbucket repositories
  • CI/CD pipeline configurations
  • API and access tokens
  • Internal documentation
  • SQL database files
  • Terraform infrastructure code
  • Hardcoded credentials and configuration files

They also posted a few screenshots to prove their claims, but at press time, no one analyzed the samples to see if they are authentic or not.

This is not the first time ESA was struck by hackers, since roughly a year ago, the agency’s website was compromised with a credit card skimmer. Back then, researchers from Sansec spotted a malicious script on ESA’s web shop, and determined it created a fake Stripe payment page at checkout, where it collected customer information.

Payment data, including sensitive credit card information, was also being gathered.

Via Security Week

Best antivirus software header
The best antivirus for all budgets

➡️ Read our full guide to the best antivirus
1. Best overall:
Bitdefender Total Security
2. Best for families:
Norton 360 with LifeLock
3. Best for mobile:
McAfee Mobile Security

Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds. Make sure to click the Follow button!

And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form, and get regular updates from us on WhatsApp too.

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.