TZUTC: -0500
MSGID: 1904.consprcy@1:2320/105 2dbbc2d8
PID: Synchronet 3.21a-Linux master/123f2d28a Jul 12 2025 GCC 12.2.0
TID: SBBSecho 3.28-Linux master/123f2d28a Jul 12 2025 GCC 12.2.0
BBSID: CAPCITY2
CHRS: ASCII 1
FORMAT: flowed
European space agency confirms 'external servers' breached in cyberattack

Date:
Wed, 31 Dec 2025 14:00:00 +0000

Description:
The ESA is investigating the extent of the breach, while hackers share stolen
files on the dark web.

FULL STORY

The European Space Agency (ESA) was hit with a cyberattack earlier this week
and apparently lost sensitive data in the process. The agency confirmed the
news on X, saying it is currently investigating the incident: 

"ESA is aware of a recent cybersecurity issue involving servers located
outside the ESA corporate network, the tweet reads. We have initiated a
forensic security analysiscurrently in progressand implemented measures to
secure any potentially affected devices."

The agency stressed that the compromised servers were outside the ESA
corporate network, suggesting that they contained data that cannot be labeled
as highly sensitive. 

Our analysis so far indicates that only a very small number of external
servers may have been impacted, the tweet further explains. These servers
support unclassified collaborative engineering activities within the
scientific community. All relevant stakeholders have been informed, and we
will provide further updates as soon as additional information becomes
available.

200 GB worth of data 

At the same time, Security Week reports that a cybercriminal with the alias
888 posted a new thread on the infamous BreachForums website, taking
responsibility for the breach which, they say, happened on December 18. 

As per the announcement, ESA lost 200 GB worth of data, including some from
private Bitbucket repositories. In its report, CyberInsider lists these types
of files as being nabbed:

Source code from private Bitbucket repositories
CI/CD pipeline configurations
API and access tokens
Internal documentation 
SQL database files
Terraform infrastructure code
Hardcoded credentials and configuration files

They also posted a few screenshots to prove their claims, but at press time,
no one analyzed the samples to see if they are authentic or not. 

This is not the first time ESA was struck by hackers, since roughly a year
ago, the agencys website was compromised with a credit card skimmer . Back
then,  researchers from Sansec spotted a malicious script on ESAs web shop,
and determined it created a fake Stripe payment page at checkout, where it
collected customer information. 

Payment data, including sensitive credit card information, was also being
gathered. 

 Via Security Week 

======================================================================
Link to news story:
https://www.techradar.com/pro/security/european-space-agency-confirms-external
-servers-breached-in-cyberattack

$$
--- SBBSecho 3.28-Linux
 * Origin: Capitol City Online (1:2320/105)
SEEN-BY: 105/81 106/201 128/187 129/14 305 153/7715 154/110 218/700
SEEN-BY: 226/30 227/114 229/110 134 206 275 300 307 317 400 426 428
SEEN-BY: 229/470 664 700 705 266/512 291/111 320/219 322/757 342/200
SEEN-BY: 396/45 460/58 633/280 712/848 902/26 2320/0 105 304 3634/12
SEEN-BY: 5075/35
PATH: 2320/105 229/426