The European Space Agency (ESA) recently experienced unauthorized access to servers outside its internal corporate network. The incident, which involved servers supporting collaborative engineering, exemplifies the risks of third-party infrastructure in the face of increasingly sophisticated cyber threats.
Who is The European Space Agency?
ESA was founded in 1975 in Paris and coordinates space-related activities of its 23 member countries; the organization employs approximately 3000 people and is expected to spend €7.68 billion by 2025.
ESA’s responsibilities
- Satellite launches
- Earth observation
- Planetary research
- Scientific research
ESA acknowledged the breach after an attacker stated he had successfully infiltrated ESA’s systems and had access to sensitive repositories for more than one week.
ESA stated the servers were not within its internal corporate network but were servers supporting unclassified collaborative engineering projects.
The distinction is significant because, although the data was not classified, it contained technical resources available to scientists and engineers who collaborate. ESA noted that forensic analysis is currently being performed and that steps have been taken to secure all possible affected devices.
The threat actor claimed he had stolen more than 200 GB of data
The data included private Bitbucket repositories, source code, CI/CD pipelines, API tokens, configuration files, SQL databases, and even hard-coded credentials. Screenshots published online appear to depict the attacker accessing ESA’s JIRA and Bitbucket servers. If accurate, this would expose sensitive workflows and intellectual property, regardless of whether the information was officially classified.
The ESA says it will post additional information as the investigation continues
ESA has not confirmed the attackers’ claims about the extent of the data theft, but the attack illustrates the risk of using external servers to support collaborative engineering projects.
This is not the first time ESA has encountered cybersecurity issues. In late 2024, ESA’s official e-commerce site was compromised by malicious JavaScript code that was designed to steal payment information from customers. The current attack is representative of a larger trend of cyberattacks against scientific and government-based organizations worldwide.
Due to the sensitivity of their research, the value of their intellectual property, and the geopolitical implications of space exploration, space agencies remain vulnerable. The Times of India reported that the majority of the affected servers were primarily used to facilitate collaborative engineering between ESA and its scientific partners and contractors. Although ESA indicated the systems that were breached did not contain any classified mission data, the breach could negatively affect ongoing projects and diminish the trust of ESA’s international collaborators.
Unclassified data: Is the data really non-sensitive?
Even though attackers refer to “unclassified” data as non-sensitive, many types of data, including source code, configuration files, and access tokens, can provide insight into system architecture and possibly lead to successful future attacks. Furthermore, the leak of engineering data could undermine competitive advantages and disclose weaknesses in space technology.
ESA is conducting a forensic analysis of the systems attacked and has taken additional security measures to protect the affected servers. The ESA release indicates only a small number of external servers were impacted by the attack; however, the actual amount of data that was extracted remains unknown. ESA will need to maintain transparency to ensure confidence among its partners and the public.
ESA is anticipated to improve its cybersecurity posture, particularly related to third-party infrastructure
This may include increased scrutiny of external services, improved monitoring of collaborative platforms, and increased investments in secure cloud-based services. The ESA cyber-attack demonstrates the long-standing threat associated with the use of third-party servers. Even though ESA maintains that only unclassified systems were affected, the attackers’ claim of stealing large amounts of data demonstrates the potential damage that can occur from such an incident.
