European Space Agency’s cybersecurity in freefall as yet another breach exposes spacecraft and mission data

It has been just a few weeks since we reported on the Christmas cyber attack suffered by the European Space Agency (ESA), and the situation has already become worse.


When ESA revealed that it had been hacked over the Christmas period by a hacker known as “888”, it was quick to reassure the public that the impact was “limited” to external servers containing unclassified engineering data.

The hacker, however, claimed to have exfiltrated some 200GB of data, including source code, API and access tokens, hardcoded credentials, and SQL files. Some of the stolen documents were said to be related to the Ariel space telescope mission, which aims to launch in 2029 to find out the atmospheric composition of exoplanets.

In light of the latest data breach to impact ESA, the December 2025 incident doesn’t look too bad.

That is because this month the Scattered Lapsus$ Hunters cybercrime group was quick to pick up where “888” had left off, exploiting what they claim was an unpatched vulnerability to steal an additional 500GB of data – more than double the initial haul.

Furthermore, this latest breach reportedly involves data that might be more concerning – such as operational procedures, spacecraft and mission details, subsystems documentation, and proprietary contractor data from ESA partners including SpaceX, Airbus Group, and Thales Alenia Space.

As a consequence of this latest incident, ESA has now confirmed that a criminal investigation is underway.

Some have suggested that poor cybersecurity practices at ESA may have helped the hacking group gain unauthorised access to systems.

Cybersecurity researcher Clémence Poirier told Space.com that she frequently comes across the email credentials of ESA staff (as well as NASA) up for sale on dark web forums.

Unfortunately for ESA, it has suffered from a history of cybersecurity incidents. These have ranged from its official online merchandise store being compromised with payment card-skimming code just days before Christmas 2024, to an Anonymous-linked breach that exposed employee and subscriber passwords and other data in 2015.

The high profile of organisations that work in outer space means that they are common targets for both bug hunters and malicious hackers, with vulnerabilities being disclosed “almost every day” to Bugcrowd about NASA, for instance.
