The European Space Agency (ESA) is currently addressing a cybersecurity incident involving several externally hosted science servers, following hacker claims of exfiltrating up to 200 gigabytes of internal data. ESA assures that no classified or mission-critical systems were compromised, but experts warn this incident highlights vulnerabilities in the global space sector’s interconnected networks.
ESA explained that the affected servers, used for collaborative engineering with external partners, were outside its core corporate network and contained only unclassified data. The agency is conducting a forensic security analysis and has taken steps to secure potentially affected devices.
The breach was first reported on the BreachForums website by a user named “888,” who claimed responsibility and offered the data for sale. The stolen cache allegedly includes source code, private repositories, API tokens, configuration files, credentials, and internal documentation. Screenshots posted by the attacker suggest access to ESA’s systems for about a week, though their authenticity has yet to be verified.
The volume of stolen data raises concerns about potential supply chain attacks or further network infiltration by advanced threat actors, despite the unclassified nature of the files.
ESA’s official response did not confirm the data theft, emphasizing that only a small number of external servers may have been impacted. The agency has secured these systems and will provide updates as investigations continue.
This incident highlights ongoing threats to space sector infrastructure, where external collaborative platforms increase exposure risks. Attacks on development services like JIRA and Bitbucket are becoming more attractive to attackers seeking deeper network access.
While ESA maintains that no core systems were accessed, the potential theft of development assets and credentials raises concerns about future exploitation. This is not ESA’s first cybersecurity challenge, with previous breaches in 2015 and 2024 affecting subdomains and external commerce systems.
The broader European space sector often struggles with stringent cybersecurity regulations, partly due to limited expertise and reliance on third-party components. As ESA continues its investigation, the focus remains on verifying data claims, assessing credential exposure, and understanding implications for satellite projects and international partnerships. ESA is committed to updating stakeholders as more information emerges, highlighting the urgent need for enhanced cybersecurity across space agencies.
