The European Space Agency (ESA) confirmed that attackers recently breached servers outside its corporate network. These systems contained what the agency described as “unclassified” information related to collaborative engineering activities.
Background on the European Space Agency
Founded 50 years ago and headquartered in Paris, ESA operates as an intergovernmental organization coordinating the space activities of 23 member states. The agency employs around 3,000 staff and managed a budget of €7.68 billion ($9 billion) in 2025.
Earlier today, the space agency issued a statement confirming the breach after a threat actor posted claims on the BreachForums hacking forum, alleging they had compromised several ESA servers.
Moreover, the threat actor leaked screenshots to support the claims, stating they accessed ESA’s JIRA and Bitbucket servers continuously for an entire week.
ESA Responds and Launches Forensic Investigation
“ESA is aware of a recent cybersecurity issue involving servers located outside the ESA corporate network. We have initiated a forensic security analysis—currently in progress—and implemented measures to secure any potentially affected devices,” the space agency said on Tuesday.
“Our analysis so far indicates that only a very small number of external servers may have been impacted. These servers support unclassified collaborative engineering activities within the scientific community.”
In addition, ESA says it has already notified “all relevant stakeholders” about the incident and plans to provide further updates as more information becomes available.
Hackers Allege Massive Data Theft
However, ESA did not disclose which specific servers attackers breached. In contrast, the threat actors claim they exfiltrated more than 200GB of data after gaining access to the European Space Agency’s systems and private Bitbucket repositories.
Threat actor’s ESA breach claims (BleepingComputer)
According to the attackers, the allegedly stolen data includes source code, CI/CD pipelines, API tokens, access tokens, confidential documents, configuration files, Terraform files, SQL files, hardcoded credentials, and additional sensitive materials.
“I’ve been connecting to some of their services for about a week now and have stolen over 200gb of data. Including dumping all their private Bitbucket repositories as well,” the threat actors said.
An ESA spokesperson did not immediately respond to a request for comment from BleepingComputer earlier today.
Notably, this incident does not mark the first time Attackers have Breached ESA systems in recent years.
One year ago, shortly before Christmas, hackers Compromised the European Agency’s official web shop and Injected Malicious JavaScript code designed to steal customer information and payment card data entered during Checkout.
Source: BleepingComputer, Sergiu Gatlan
Read more at Impreza News
