Intergovernmental space exploration body European Space Agency had its online shop compromised with a malicious script triggering a bogus Stripe payment page that sought to exfiltrate payment card details and other sensitive customer details, reports BleepingComputer.
Threat actors behind the malicious activity leveraged the ESA's domain name with a different top-level domain to facilitate data exfiltration, according to an analysis from Sansec, which warned of the risk of compromise on ESA's employees given the integration of the store with the agency's systems.
Such findings have been verified by Source Defense Research, which discovered the loading of the fraudulent Stripe page on the agency's online store. BleepingComputer also determined the persistence of the malicious script within the site's source code even if the payment page was no longer triggered by the online store.
Meanwhile, ESA emphasized its online store to be managed outside its infrastructure by a third party.