European Space Agency hack hijacks the official store to steal customer data
- Security researchers found a malicious script on the ESA webshop
- The script creates a fake Stripe page at checkout and collects payment information
- The store is currently unavailable
The European Space Agency (ESA) website was recently compromised with a credit card skimmer, putting countless people at risk of banking fraud.
Sansec researchers discovered a malicious script in ESA’s online store and determined that it creates a fake Stripe payment page at checkout, where it collects customer information.
Payment information, including sensitive credit card information, was also collected, making this attack particularly dangerous.
Out of the hands of ESA?
The sensitive data was collected and sent to a domain with the same name as ESA’s legitimate domain, BleepingComputer reports. The top-level domain was different, however: instead of the usual .com TLD, the domain here used .pics.
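The lookalike pattern described above (same name, different TLD) is something a store operator can check for in the checkout page's HTML. The following Python is an added example, not code from Sansec, ESA or the original article; the `example-store` domains are constructed placeholders, and treating the last two host labels as name and TLD is a simplifying assumption (no public-suffix list).

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Attributes through which a checkout page can load code or send data elsewhere.
URL_ATTRS = {"script": "src", "iframe": "src", "form": "action", "link": "href", "img": "src"}

def split_host(host):
    """Return (name, tld) for a host. Assumption: the TLD is the last label
    and the name is the label before it (no public-suffix handling)."""
    labels = host.lower().rstrip(".").split(".")
    if len(labels) < 2:
        return None, None
    return labels[-2], labels[-1]

class _UrlCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.found = []  # (tag, url) pairs in document order

    def handle_starttag(self, tag, attrs):
        wanted = URL_ATTRS.get(tag)
        for key, value in attrs:
            if key == wanted and value:
                self.found.append((tag, value))

def find_tld_lookalikes(html, legit_host):
    """List (tag, host) references whose name matches legit_host but whose TLD differs."""
    legit_name, legit_tld = split_host(legit_host)
    collector = _UrlCollector()
    collector.feed(html)
    hits = []
    for tag, url in collector.found:
        host = urlparse(url).hostname  # None for relative URLs
        if not host:
            continue
        name, tld = split_host(host)
        if name == legit_name and tld != legit_tld:
            hits.append((tag, host))
    return hits

# Constructed sample page; the domains are placeholders, not the ones from the incident.
SAMPLE = """
<script src="https://cdn.example-store.com/app.js"></script>
<script src="https://example-store.pics/assets/checkout.js"></script>
<script src="//js.stripe.com/v3/"></script>
<form action="/cart/checkout"></form>
"""

if __name__ == "__main__":
    for tag, host in find_tld_lookalikes(SAMPLE, "www.example-store.com"):
        print(f"suspicious <{tag}> reference to {host}")
```

A static scan like this only sees references present in the served HTML; scripts that build the destination URL at runtime need monitoring of outbound requests or a Content-Security-Policy report endpoint instead.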
As soon as Sansec noticed the attack, it notified ESA, which temporarily closed the shop.
At the time of writing it was still offline and showing Error 503: Service unavailable. “Our location is temporarily out of use due to some exciting renovation work,” the store said. “Please fly by later.”
Responding to BleepingComputer's request for comment, ESA said the store is not hosted on its infrastructure and, as such, ESA is not the one controlling the data.
“This can be confirmed with a simple whois search, which shows full details for ESA’s domain (esa.int) and its web store, where contact details are redacted for privacy,” BleepingComputer concluded.
To date, no threat actors have taken responsibility for this attack, and they rarely do in these types of incidents. However, Magecart is a globally known, notorious threat actor that has been observed in the past installing credit card skimmers on major websites.
The last time we heard of Magecart was in March 2023, when Malwarebytes speculated that the group may have been behind the attack on multiple online e-commerce stores.
When scammers use people’s credit cards, victims can get a refund from their bank. However, cybercriminals can use the money to fund ad campaigns that spread more malware, and by the time the cards are locked and the money is returned, the damage has already been done.