Technology

European Space Agency hack sees official store hijacked to steal customer details

December 26, 2024

Security researchers found a malicious script on ESA’s web shop
The script creates a fake Stripe page at checkout, grabbing payment data
The shop is currently unavailable

The website of the European Space Agency (ESA) was recently compromised with a credit card skimmer, putting countless people at risk of wire fraud.

Researchers from Sansec spotted a malicious script on ESA’s web shop, and determined it creates a fake Stripe payment page at checkout, where it collects customer information.

Payment data, including sensitive credit card information, was also being gathered, making this attack particularly dangerous.

Out of ESA’s hands?

The sensitive data was harvested and sent to a domain with the same name as ESA’s legitimate one, BleepingComputer reports. The top-level domain, however, was different as instead of the usual .com TLD, the domain here was .pics.

As soon as Sansec spotted the attack, it notified ESA, which temporarily shut the shop down.

At press time, it was still offline, showing Error 503: Service Unavailable. “Our site is temporarily out of orbit for some exciting renovations,” the shop says. “Please fly by later.”

Responding to BleepingComputer’s request for comment, ESA said the store is not hosted on its infrastructure, and as such, it is not the one managing the data.

“This could be confirmed with a simple whois lookup, which show complete details for ESA’s domain (esa.int) and its web store, where contact data is redacted for privacy,” BleepingComputer concluded.

So far, no threat actors have assumed responsibility for this attack, and with this type of incident, they rarely do. However, Magecart is a globally known, infamous threat actor, that was observed installing credit card skimmers on major websites in the past.

The last time we heard of Magecart was in March 2023, when Malwarebytes speculated the group might be behind the attack on multiple online ecommerce stores.

When crooks use people’s credit cards, the victims can get a refund from their bank. However, cybercriminals can use the money to fund advertising campaigns that distribute more malware, and by the time the cards are locked and funds returned, the damage was already done.

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

LEAVE A REPLY Cancel reply

EDITOR PICKS

POPULAR POSTS

QUICK LINKS

ABOUT US

FOLLOW US

Cookie bar