The European Space Agency (ESA) confirmed that a cybersecurity incident allowed external actors to access servers located outside its corporate network. According to the organization, those servers held unclassified information linked to collaborative engineering activities.

ESA itself confirmed the incident on its social media account.

After becoming aware of the incident, ESA immediately began a forensic security analysis (currently ongoing) and implemented measures to protect any potentially affected devices.

Analysis to date indicates that only a very small number of external servers may have been affected. These servers support unclassified collaborative engineering activities within the scientific community. All interested parties have been informed and ESA will provide more information as soon as it becomes available.

For their part, the attackers claim to have exfiltrated more than 200 GB of data, including source code, private Bitbucket repositories, CI/CD pipelines, access tokens and APIs, configuration files, infrastructure-as-code scripts, SQL databases and embedded credentials. “I have been connected for a week to several of their services and have downloaded all of their private repositories,” the threat actor stated on the forum.

The official confirmation came after a threat actor posted claims about an alleged intrusion into ESA systems on the underground forum BreachForums. As evidence, the attacker released screenshots showing a week of sustained access to JIRA and Bitbucket servers, tools used for project management and software development.

According to various sources, the incident is not an isolated event. In December last year, ESA’s official webstore was compromised through the insertion of malicious JavaScript code, which was used to steal customer information and payment card data during the purchase process. That incident had already highlighted persistent challenges in protecting the agency's digital platforms.