Hacker Puts European Space on the Counter: 200 GB of Satellite Codes, Passwords, and Airbus Defense Data Up for Crypto
Who's ready to pay a hefty sum in Bitcoin for the juiciest ESA secrets?
Who's ready to pay a hefty sum in Bitcoin for the juiciest ESA secrets?
An advertisement for the sale of a large data archive, allegedly linked to Bitbucket repositories used in European Space Agency (ESA) projects, has appeared on the BreachForums forum. The seller, using the nickname 888, claims the archive has a volume of approximately 200 gigabytes.
The post was brought to attention by space and rocket technology researcher Georgiy Trishkin. According to his assessment, the leak affects not only scientific projects but also developments of a defense nature related to Airbus Defense and Space. The archive's description states it contains internal technical documentation, source codes, fragments of CI/CD infrastructure, as well as access credentials — passwords, API tokens, and other sensitive information.
The sale of leaks of this volume is relatively rare and in itself amplifies potential risks. Bitbucket repositories are typically used for collaborative development of software and engineering solutions. Therefore, the compromise of such data could lead not only to information disclosure but also to the takeover of infrastructure control or the introduction of changes into active projects.
According to Trishkin, published screenshots suggest the attacker indeed possesses proprietary materials. As an example, he mentions data related to the JUICE scientific probe, which Airbus specialists also worked on. However, a complete picture of the incident is not yet available. He notes that hacks affecting space agencies or related organizations are infrequent, and putting such data up for sale moves the situation beyond the realm of conventional industrial espionage, making the question of who will ultimately obtain these materials particularly crucial.
The European Space Agency has confirmed the incident. ESA stated it is aware of the issue and has initiated an internal investigation. According to the agency's statement, it concerns a cyber incident affecting servers located outside the main corporate network.
Preliminary investigation results indicate the incident may have affected only a limited number of external servers used for unclassified collaborative engineering work on scientific projects. All relevant parties have been notified, and the analysis is ongoing. The agency also emphasizes that the leak does not concern classified data and does not affect core ESA infrastructure.
