- ESA confirmed a cyberattack that affected external servers used for collaborative engineering activities
- Hacker “888” claims to have stolen 200 GB of data, including source code, tokens and settings
- The incident follows the ESA webstore breach last year involving a credit card skimmer
The European Space Agency (ESA) suffered a cyberattack earlier this week and apparently lost sensitive data in the process. The agency confirmed the news on X and said it is currently investigating the incident:
“ESA is aware of a recent cybersecurity issue involving servers located outside the ESA corporate network,” the tweet reads. “We have initiated a forensic security analysis, currently underway, and implemented measures to protect any potentially affected devices.”
The agency emphasized that the compromised servers were “outside ESA’s corporate network,” suggesting they contained data that cannot be labeled highly sensitive.
“Our analysis so far indicates that only a very small number of external servers may have been affected,” the tweet explains. “These servers support unclassified collaborative engineering activities within the scientific community. All relevant stakeholders have been informed and we will provide further updates as soon as additional information is available.”
200 GB of data
At the same time, safety week reports that a cybercriminal with the alias ‘888’ posted a new thread on the infamous BreachForums website, taking responsibility for the breach which they say occurred on December 18.
According to the announcement, ESA lost 200GB of data, including some of Bitbucket’s private repositories. In his report, CyberInsider lists these types of files as captured:
- Bitbucket private repositories source code
- CI/CD pipeline configurations
- API and access tokens
- Internal documentation
- SQL database files
- Terraform infrastructure code
- Encrypted credentials and configuration files
They also posted some screenshots to prove their claims, but at the time of this publication, no one has analyzed the samples to see if they are authentic or not.
This is not the first time hackers have attacked the ESA, as about a year ago the agency’s website was compromised with a credit card skimmer. Back then, Sansec researchers detected a malicious script in the ESA webstore and determined that it created a fake Stripe payment page at checkout, where it collected customer information.
Payment data, including sensitive credit card information, was also being collected.
Through safety week
The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to receive news, reviews and opinions from our experts in your feeds. Be sure to click the Follow button!
And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form and receive regular updates from us on WhatsApp also.
