Europe’s space agency has issued a brief statement appearing to confirm reports that hackers compromised data in an incident last month.
The European Space Agency (ESA) said it is “aware” of a recent issue involving servers outside its corporate network and has begun a forensic analysis to learn more.
“Our analysis so far indicates that only a very small number of external servers may have been impacted,” it added.
“These servers support unclassified collaborative engineering activities within the scientific community. All relevant stakeholders have been informed, and we will provide further updates as soon as additional information becomes available.”
The agency – which counts the UK, Switzerland and most of Europe among its 23 member states – also said that it has “implemented measures to secure any potentially affected devices.”
Read more on space sector threats: Why Ensuring Supply Chain Security in the Space Sector is Critical
The news follows a BreachForums post from a threat actor claiming that they compromised the ESA on December 18.
“I’ve been connecting to some of their services for about a week now and have stolen over 200GB of data. Including dumping all their private Bitbucket repositories as well,” it noted.
The data haul includes source code; CI/CD pipelines; API and access tokens; confidential documents; configuration, Terraform and SQL files; and hardcoded credentials, the post claimed.
Xcape director, Damon Small, argued that threat actors would be able to use this information to probe for potential supply chain attacks.
“The incident highlights the inherent tension in collaborative scientific settings, where open data sharing among 23 member states often conflicts with stringent security,” he added.
“As space agencies increasingly rely on distributed partnerships, vendors and cloud services, their attack surface grows. This problem is so pervasive, in fact, that the US DoD [Department of Defense] implemented the Cybersecurity Maturity Model Certification to ensure that all subcontractors are protecting controlled unclassified information.”
The Space Threat Landscape Evolves
As the number of satellites in orbit continues to grow, the space technology sector is coming under the scrutiny of both threat actors and regulators.
A report from EU security agency ENISA last year revealed that the sector was one of six currently struggling to comply with the NIS2 directive, due largely to limited cybersecurity knowledge and a heavy reliance on commercial off-the-shelf components.
In a separate March 2025 report, ENISA warned of potentially “cascading effects” stemming from attacks on satellites. These include financial losses for businesses relying on satellites, disruption to essential services causing societal harm and loss of life, and compromise of sensitive information transmitted via satellites, which could create legal and regulatory risks for businesses.
“The breach proves that even seemingly low-value data can be critical when it reveals the framework of a nation’s space endeavors. This, combined with intensifying geopolitical and commercial competition in space, makes these environments more appealing targets,” said Small.
