The European Space Agency’s (ESA) official merchandise web store has fallen victim to a sophisticated cyber attack, forcing it to temporarily shut down operations. The breach was discovered when security researchers identified malicious JavaScript code injected into the store’s checkout process.
The attack involved a fraudulent payment system that mimicked legitimate Stripe payment processing pages. When customers attempted to complete purchases, they were redirected to a convincing but fake payment page designed to harvest their credit card information.
Cybersecurity firm Sansec first detected the breach, noting that the attackers cleverly used a domain name similar to the legitimate ESA store (esaspaceshop.pics versus esaspaceshop.com) to collect stolen data. Source Defense Research later confirmed these findings.
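The exfiltration domain described above shares its brand label with the real store but sits under a different TLD, which is exactly the kind of reference a checkout-page audit can flag. The following is an added defender-side example, not code from the article, Sansec or Source Defense; the HTML snippet is constructed and the allowlist of permitted hosts is an assumed store policy.

```python
"""Flag unknown and lookalike hosts referenced by a checkout page's
script sources and form actions (added example; constructed input)."""
import re
from urllib.parse import urlsplit

STORE_HOST = "esaspaceshop.com"
# Assumed allowlist: the store itself plus Stripe's hosted endpoints.
ALLOWED_HOSTS = {STORE_HOST, "js.stripe.com", "api.stripe.com"}

# Constructed checkout page: legitimate includes plus an injected script
# and a form action pointing at the lookalike domain from the incident.
CHECKOUT_HTML = """
<script src="https://js.stripe.com/v3/"></script>
<script src="https://esaspaceshop.com/static/checkout.js"></script>
<script src="https://esaspaceshop.pics/js/stripe-v3.js"></script>
<form action="https://esaspaceshop.pics/collect" method="post">
"""

# src= and action= attribute values, single- or double-quoted.
URL_ATTR = re.compile(r'\b(?:src|action)\s*=\s*["\']([^"\']+)["\']', re.I)


def registrable_label(host):
    """Second-level label, e.g. 'esaspaceshop' for both .com and .pics.
    Simple heuristic: no public-suffix list, so 'co.uk' style TLDs are
    not handled; good enough to catch a brand-label-plus-new-TLD lookalike."""
    parts = host.lower().rstrip(".").split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]


def classify_host(host):
    """Return 'allowed', 'lookalike' or 'unknown' for a referenced host."""
    host = host.lower()
    if host in ALLOWED_HOSTS:
        return "allowed"
    if registrable_label(host) == registrable_label(STORE_HOST):
        return "lookalike"  # same brand label as the store, not allowlisted
    return "unknown"


def audit_checkout(html):
    """Map every host referenced in src/action attributes to its verdict."""
    verdicts = {}
    for url in URL_ATTR.findall(html):
        host = urlsplit(url).hostname
        if host:
            verdicts[host] = classify_host(host)
    return verdicts


if __name__ == "__main__":
    for host, verdict in sorted(audit_checkout(CHECKOUT_HTML).items()):
        print(f"{verdict:9} {host}")
```

A 'lookalike' or 'unknown' verdict on a live checkout page is a signal to pull the script source and compare it against the deployed release, and the same allowlist can be enforced in the browser with a Content-Security-Policy `script-src`/`connect-src`/`form-action` directive.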
The compromise is particularly concerning as the store appeared to be integrated with ESA systems, potentially putting agency employees at risk. However, ESA has clarified that the web store operates on separate infrastructure and is not managed directly by the agency.
While the fake payment page has been removed, the store remains offline with a message stating it is “temporarily out of orbit.” This incident affects the commercial merchandise platform of ESA, an organization with a €10 billion budget dedicated to space exploration and research.
The attack demonstrates a sophisticated approach to e-commerce fraud, using convincing payment page spoofing techniques that could be difficult for average consumers to detect.