European Space Agency reports breach of external engineering servers

The European Space Agency (ESA) is reporting that hackers broke into servers placed outside of its main corporate network. A threat actor on BreachForums claimed the attack, posting screenshots of ESA's internal JIRA and Bitbucket instances as proof of the breach. 

The attackers claim they had access to the agency's systems for an entire week. During this time, they reportedly moved through private repositories and project management tools used by the scientific community. The attackers claim to have stolen over 200GB of data. 

ESA claims that these servers support engineering work. The leaked proof suggests access to sensitive development configurations and internal tools. The agency started an investigation to identify the attack vector and what data was stolen.

The compromised data includes:

• Private Bitbucket repositories and source code
• CI/CD pipelines and Terraform files
• API and access tokens
• Hardcoded credentials and SQL files
• Confidential documents and configuration files

The number of affected individuals and the vector of attack are not disclosed. ESA officials claim the impact is limited to a small number of external devices. They have isolated the affected systems and notified stakeholders. 

Even though the agency describes the data as unclassified, the presence of API tokens and credentials in the leak could allow attackers to target other systems if the agency does not rotate them in time.

This event follows an attack on the ESA web shop where hackers used malicious code to steal credit card data.