- ESA has confirmed a cyberattack affecting external servers used for collaborative engineering activities
- Hacker “888” claims to have stolen 200 GB of data, including source code, tokens and configurations.
- Incident follows last year’s ESA online store breach involving credit card skimmer
The European Space Agency (ESA) was hit by a cyberattack earlier this week and apparently lost sensitive data in the process. The agency confirmed the news about X, saying it is currently investigating the incident:
“ESA is aware of a recent cybersecurity issue involving servers located outside of the ESA corporate network,” the tweet said. “We have initiated a security forensic analysis, which is currently ongoing, and implemented measures to secure all potentially affected devices.”
The agency stressed that the compromised servers were located “outside the ESA corporate network”, suggesting that they contained data that cannot be described as highly sensitive.
“Our analysis so far indicates that only a very small number of external servers may have been impacted,” the tweet further explains. “These servers support unclassified collaborative engineering activities within the scientific community. All affected stakeholders have been informed and we will provide further updates as additional information becomes available.”
200 GB of data
At the same time, Safety Week reports that a cybercriminal going by the pseudonym “888” has posted a new thread on the infamous BreachForums website, taking responsibility for the breach which they say occurred on December 18.
As per the announcement, the ESA lost 200 GB of data, including some from private Bitbucket repositories. In his report, CyberInsider lists these file types as intercepted:
- Source code for private Bitbucket repositories
- CI/CD pipeline configurations
- API and access tokens
- Internal documentation
- SQL Database Files
- Terraform framework code
- Hardcoded credentials and configuration files
They also released a few screenshots to prove their claims, but as of press time, no one has analyzed the samples to see if they are authentic or not.
This is not the first time the ESA has been attacked by hackers, as about a year ago the agency’s website was compromised by a credit card skimmer. At the time, Sansec researchers spotted a malicious script on the ESA’s online store and determined that it created a fake Stripe checkout page during checkout, where it collected customer information.
Payment data, including sensitive credit card information, was also collected.
Via Safety Week
The best antivirus for every budget
Follow TechRadar on Google News And add us as your favorite source to get our news, reviews and expert opinions in your feeds. Make sure to click the Follow button!
And of course you can too follow TechRadar on TikTok for news, reviews, unboxings in video form and receive regular updates from us on WhatsApp Also.
