Hackers Chasing Aerospace Segment Hard - European Space Agency Targeted Twice in a Week

ESA hit twice

• The Ghost Squad Hackers (GSH) targeted the business website of the ESA twice but there was no specific motive clearly mentioned in their messages.
• In their first attempt in mid-July, the GSH group exploited a Server-side Request Forgery (SSRF) remote code execution vulnerability in the agency’s server, and gained access to the website (https://business[.]esa[.]int/).
• Within the next few days, the same hackers again found another private SSRF vulnerability in another domain (https://space4rail[.]esa[.]int).

Other aerospace agencies and contractors on target

• Last month, members of the Lazarus Group were seen using fake LinkedIn job recruiter profiles and private messages to approach employees working at European aerospace and military companies, including Collins Aerospace and General Dynamics.
• In the same month, VT San Antonio Aerospace Inc., the contractor providing maintenance, repair, and overhaul services to aircraft, was hit with the Maze ransomware attack, affecting its U.S. commercial operations.
• Digital Management Inc. (DMI), NASA's IT contractor that provides managed IT and cyber-security services on demand, was targeted by the DoppelPaymer ransomware actors.

SpaceX - A recurring target for impersonation attacks