- ESA confirmed cyber attacks affecting remote servers used for collaborative engineering activities
- Hacker “888” claims theft of 200 GB of data, including source code, tokens and configurations
- The incident follows last year’s ESA webshop breach involving a credit card skimmer
The European Space Agency (ESA) was hit by a cyber attack earlier this week, apparently losing sensitive data in the process. The agency confirmed the news on X and said it is currently investigating the incident:
“ESA is aware of a recent cybersecurity issue involving servers located outside of ESA’s corporate network,” the tweet read. “We have initiated a forensic security analysis – currently underway – and implemented measures to secure any potentially affected devices.”
The agency emphasized that the compromised servers were “outside ESA’s corporate network,” suggesting that they contained data that could not be described as highly sensitive.
“Our analysis so far indicates that only a very small number of remote servers may have been affected,” the tweet further explains. “These servers support unclassified collaborative engineering activities within the scientific community. All relevant stakeholders have been informed and we will provide further updates as soon as additional information becomes available.”
200 GB of data
At the same time, Safety week reports that a cybercriminal with the alias ‘888’ posted a new thread on the infamous BreachForums website and claimed responsibility for the breach, which they say happened on December 18th.
According to the announcement, ESA lost 200 GB of data, including some from private Bitbucket repositories. In its report, CyberInsider shows these types of files as nabbed:
- Source code from private Bitbucket repositories
- CI/CD pipeline configurations
- API and access tokens
- Internal documentation
- SQL database files
- Terraform infrastructure code
- Hard-coded credentials and configuration files
They also posted a few screenshots to prove their claims, but at press time, no one has analyzed the samples to see if they are authentic or not.
This is not the first time ESA has been hit by hackers, since about a year ago the agency’s website was compromised with a credit card skimmer. At the time, researchers from Sansec discovered a malicious script on ESA’s webshop and found that it created a fake Stripe payment page at checkout where it collected customer information.
Payment data, including sensitive credit card information, was also collected.
Via Safety week
The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews and opinions in your feeds. Be sure to click the Follow button!
And of course you can too follow TechRadar on TikTok for news, reviews, video unboxings, and get regular updates from us on WhatsApp also.
