European Space Agency hit again as cybercrims claim 200 GB data up for sale

Summary

The European Space Agency (ESA) has acknowledged a security incident that it says may have affected a “very small number of external servers” used for unclassified engineering and scientific collaboration. A cybercrime forum post claims over 200 GB of ESA data is being offered for sale, including source code, CI/CD pipelines, API tokens, credentials, configuration and Terraform files, SQL dumps and private Bitbucket repositories. ESA says a forensic investigation is underway and stakeholders have been informed.

Key Points

  • ESA confirmed a security incident and says impact appears limited to a small number of external servers.
  • A threat actor claims to be selling more than 200 GB of stolen ESA data, listing source code, CI/CD pipelines, tokens and credentials.
  • The alleged access began around 18 December and lasted about a week, according to the attacker’s post.
  • ESA has started forensic analysis and implemented measures to secure affected devices; holiday closures have limited immediate responses.
  • This incident follows a string of prior breaches (online shop in 2024, domain compromise in 2015 and a 2011 breach), suggesting recurring exposure in external-facing systems.

Context and relevance

Space agencies increasingly rely on external collaboration platforms, cloud services and public-facing servers. Leaks of source code, CI/CD pipelines and tokens pose elevated supply-chain and operational risks: attackers with credentials or repo dumps can pursue persistent access, tamper with build systems or harvest further secrets. The incident highlights ongoing challenges in segregating external services from core infrastructure and in protecting developer and collaboration environments.

Author style

This isn’t just another server snafu. If the attacker’s claims are accurate, stolen credentials and private repos give adversaries pathways into development and deployment pipelines, exactly where damage can cascade quickly. Read closely if your work touches software supply chains, DevOps or critical-infrastructure security.

Why should I read this

Quick and blunt: if you care about space programmes, software supply chains, or security hygiene, this one matters. It shows how external-facing systems keep getting picked off and why secrets-in-code and open collaboration endpoints are a big, recurring headache.

Source

Source: https://go.theregister.com/feed/www.theregister.com/2025/12/31/european_space_agency_hacked/