European Space Agency discloses major cyber attack on external servers

The European Space Agency has announced that a recent cyber security incident impacted several of its external servers that support unclassified collaborative engineering activities within the scientific community.

The ESA, a 23-member European organisation dedicated to space exploration and headquartered in Paris, made the announcement shortly after a hacker claimed that they accessed and exfiltrated about 200GB of data from the agency’s servers, including configuration files, credentials and source files.

The threat actor, using the pseudonym “888”, claimed on dark web site BreachForums that the stolen information contained the space agency’s internal repositories, source code, configuration files, API and access tokens, and internal documentation.

The threat actor also stated that the stolen files included private Bitbucket repositories, CI/CD pipeline configurations, Terraform and SQL files, and hard-coded credentials. The stolen data has been put up for sale on the BreachForums dark web marketplace.
 
ESA announced via a post on social networking site X that the affected servers were located outside of its corporate network and did not contain classified information.

“Our analysis so far indicates that only a very small number of external servers may have been impacted,” ESA said. “These servers support unclassified collaborative engineering activities within the scientific community. All relevant stakeholders have been informed, and we will provide further updates as soon as additional information becomes available.”

“We have initiated a forensic security analysis—currently in progress—and implemented measures to secure any potentially affected devices,” the agency added.