The European Space Agency has suffered yet another security incident and, in keeping with past practice, says the impact is limited. Meanwhile, miscreants boast that they’ve made off with a trove of data, including what they claim are confidential documents, credentials, and source code.<\/p>\n
While the ESA said it’s aware of a security incident, it added in an X post<\/a> Tuesday that the breach may have impacted only “a very small number of external servers” used to support unclassified engineering and scientific collaboration.<\/p>\n “We have initiated a forensic security analysis\u2014currently in progress\u2014and implemented measures to secure any potentially affected devices,” the ESA added. “All relevant stakeholders have been informed, and we will provide further updates as soon as additional information becomes available.”<\/p>\n That’s in contrast to what one cybercriminal posted in their offer of over 200 GB of ESA data for sale on the still-not-dead BreachForums<\/a> the day after Christmas, according to screenshots<\/a> grabbed from the seemingly impossible-to-kill cybercrime forum.<\/p>\n According to the alleged attacker, they gained access to ESA-linked external servers on December 18, and were connected “for about a week,” during which they claim to have stolen source code files, CI\/CD pipelines, API and access tokens, confidential documents, configuration files, Terraform files, SQL files, hardcoded credentials, and a dump of “all their private Bitbucket repositories as well.”\u00a0<\/p>\n We reached out to the ESA to get more information about the status of its investigation, and more specifics on what sort of servers were breached, but didn’t hear back, with an automated response informing us that the Agency’s offices are closed for the New Year holiday.\u00a0<\/p>\n As noted above, this isn’t the first time the ESA has experienced a security incident, nor the first time it has said the affected systems were external to its core networks.<\/p>\n The Space Agency’s online store was hit by attackers<\/a> last year shortly before the Christmas holiday, with miscreants inserting a fake payment page to nab customer info while unsuspecting users were shopping for space-themed holiday gifts. The ESA, naturally, said it’s not in charge of its own online store.\u00a0<\/p>\n A trio of ESA domains was compromised in 2015<\/a> via an SQL vulnerability, resulting in the theft and leak of information belonging to thousands of subscribers and some ESA staff.<\/p>\n