200 gigabytes of data offered for sale: Cyber security incident at ESA

The European Space Agency ESA has admitted to a "cyber security incident" but assured that it only affected servers "outside the in-house network." This is stated in a post on the microblogging service X, published before the turn of the year. This was in response to the claim by an unknown person that they had access to ESA systems for a week, as reported by Bleeping Computer. According to the report, the person already stated last week that they had exfiltrated more than 200 gigabytes of data and offered it for sale. The ESA has not commented on this.

Not secret documents, but also access credentials

According to the ESA's statement, the analysis carried out has shown that "only a very small number of servers" were affected. These contained "non-secret" documents for collaboration with science. All relevant organizations have been informed, and further information will follow "as soon as it is available." According to Bleeping Computer, the alleged perpetrator claims to have stolen, among other things, source code, API and access tokens, configuration and SQL files, as well as other access credentials. These were reportedly exfiltrated from Jira and Bitbucket servers.

Even though the ESA suggests that the cyberattack was not particularly serious, the incident is at least unpleasant. Only in the spring did the space agency open an IT security center, which is intended to monitor and protect the ESA's "digital assets" from two locations. This concerns "satellites in space down to the worldwide network of ground stations and mission control systems on Earth," as it was stated at the time. The Cyber Security Operations Centre (C-SOC) was also intended to be understood as a response to the constantly increasing threat situation.

Read also

Viasat: Wiper-Malware hat Ausfall des Satellitennetzwerks KA-Sat verursacht

(mho)