The European Space Agency (ESA) has fallen victim to a cyberattack targeting its merchandise web store, resulting in the compromise of customer payment details. The breach was orchestrated through malicious JavaScript, which replaced the legitimate payment process with a deceptive Stripe payment page during checkout. The counterfeit page closely resembled the authentic ESA store, making it difficult for users to detect foul play.
The attack was uncovered by e-commerce security specialists at Sansec, who identified the malicious script and raised concerns about potential risks to ESA employees. The security firm highlighted that the fake domain used for exfiltration was cleverly crafted to resemble the store’s legitimate name, "esaspaceshop," but utilized the ".pics" domain extension instead of ".com."
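The two technical facts in the report above, an injected script on the checkout page and an exfiltration host that copies the store's own name under a different TLD, both show up in a static audit of the page's HTML. The following is an added example written for this page, not code from ESA, Sansec or Source Defense: it lists every external host a checkout page loads scripts from or posts to, and flags any host whose registrable label matches the store's domain but whose TLD differs. The sample HTML, the allowlist and the `/collect` path are constructed for the example; only the `esaspaceshop` name and the `.pics` suffix come from the report.

```javascript
// Added example (not ESA's, Sansec's or Source Defense's code): a static audit
// of a checkout page's HTML. It collects every absolute URL found in src= and
// action= attributes or inline script text, reduces them to hostnames, and
// classifies each host against the store's own domain and an allowlist of
// expected third parties. Node.js, no third-party packages.

const URL_IN_ATTR = /\b(?:src|action)\s*=\s*["']([^"']+)["']/gi;
const URL_IN_TEXT = /https?:\/\/[A-Za-z0-9.-]+(?:\/[^\s"'<>)]*)?/g;

// "Brand" label: the label just before the TLD, e.g. "esaspaceshop" for both
// esaspaceshop.com and esaspaceshop.pics. Sufficient for single-label TLDs,
// which is what the report describes; multi-label suffixes (co.uk) would need
// a public-suffix list.
function brandLabel(host) {
  const parts = host.toLowerCase().split(".");
  return parts.length >= 2 ? parts[parts.length - 2] : parts[0];
}

// Every distinct hostname referenced by an absolute URL in the HTML.
// Relative URLs (same origin) throw in the URL constructor and are skipped.
function extractHosts(html) {
  const hosts = new Set();
  for (const m of html.matchAll(URL_IN_ATTR)) {
    try { hosts.add(new URL(m[1]).hostname.toLowerCase()); } catch { /* relative */ }
  }
  for (const m of html.matchAll(URL_IN_TEXT)) {
    try { hosts.add(new URL(m[0]).hostname.toLowerCase()); } catch { /* unparsable */ }
  }
  return [...hosts].sort();
}

// first-party: the store itself or a subdomain of it
// allowed:     a third party the store expects (payment processor, CDN)
// lookalike:   same brand label as the store under a different domain
// unknown:     anything else, which also deserves a look
function classifyHost(host, storeDomain, allowlist) {
  if (host === storeDomain || host.endsWith("." + storeDomain)) return "first-party";
  if (allowlist.some(a => host === a || host.endsWith("." + a))) return "allowed";
  if (brandLabel(host) === brandLabel(storeDomain)) return "lookalike";
  return "unknown";
}

// Returns the non-first-party hosts with their verdicts, sorted by hostname.
function auditCheckoutPage(html, storeDomain, allowlist) {
  return extractHosts(html)
    .map(host => ({ host, verdict: classifyHost(host, storeDomain, allowlist) }))
    .filter(f => f.verdict !== "first-party");
}

// Constructed sample: a legitimate form and Stripe include, plus an injected
// inline script that carries a configuration pointing at the lookalike host.
// The inline script is a stand-in; it contains no skimming logic.
const STORE_DOMAIN = "esaspaceshop.com";        // the store's real domain
const ALLOWLIST = ["js.stripe.com"];            // assumed: expected third party
const SAMPLE_HTML = `
<form action="https://esaspaceshop.com/checkout/pay" method="post"></form>
<script src="/static/checkout.js"></script>
<script src="https://js.stripe.com/v3/"></script>
<script>var cfg = { endpoint: "https://esaspaceshop.pics/collect" };</script>
`;

const findings = auditCheckoutPage(SAMPLE_HTML, STORE_DOMAIN, ALLOWLIST);
for (const f of findings) console.log(`${f.verdict.padEnd(10)} ${f.host}`);
// lookalike  esaspaceshop.pics
// allowed    js.stripe.com
```

Run against a saved copy of the checkout page, the audit surfaces the `.pics` host as a lookalike while the genuine Stripe include stays allowed. The same allowlist, expressed as a Content-Security-Policy with `script-src` and `connect-src` directives, would stop the browser from loading an injected script from, or posting form data to, a host that is not on it, which is the control that turns this from an after-the-fact finding into a block.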
Further analysis by Source Defense Research corroborated Sansec’s findings, providing evidence of the fake Stripe page in operation. Although the fraudulent payment page has been removed, traces of the malicious script remain embedded in the website’s source code, posing ongoing risks.
In response to the breach, the ESA store has been taken offline, with a notice humorously stating that it is “temporarily out of orbit.” The incident underscores the critical importance of robust cybersecurity measures for e-commerce platforms, particularly those linked to high-profile organizations.