Deimos Imaging, SpaceX, Teledyne, Airbus Group, Thales Alenia Space, European Space Agency and SkyLabs: Criminal probe sought by European Space Agency over Scattered Lapsus$ Hunters breach

ESA Faces Criminal Inquiry Over Alleged 500GB Data Breach by Scattered Lapsus$ Hunters

The European Space Agency (ESA) is set to launch a criminal investigation following claims by the hacking group Scattered Lapsus$ Hunters that they exfiltrated 500GB of sensitive data from its servers in September. The breach, reportedly exploiting an unpatched vulnerability, has raised concerns over the exposure of critical space program information.

While ESA has not confirmed the attackers’ assertions, leaked data samples shared by the group include internal files from major contractors such as Airbus Group, SpaceX, Teledyne, Deimos Imaging, Thales Alenia Space, and SkyLabs. The compromised data allegedly contains operational procedures, details on Earth Observation satellite constellations, system capabilities, security protocols, and mission-specific files related to ESA’s space programs.

This incident follows ESA’s recent acknowledgment of a separate breach involving external servers, where over 200GB of purportedly stolen data was leaked on BreachForums. The full scope and impact of the breach remain under scrutiny as authorities prepare to investigate.

Source: https://www.scworld.com/brief/criminal-probe-sought-by-european-space-agency-over-scattered-lapsus-hunters-breach

Deimos Imaging TPRM report: https://www.rankiteo.com/company/deimos-imaging

SpaceX TPRM report: https://www.rankiteo.com/company/spacex

Teledyne TPRM report: https://www.rankiteo.com/company/teledyne

Airbus Group TPRM report: https://www.rankiteo.com/company/airbus-defence-and-space---intelligence

Thales Alenia Space TPRM report: https://www.rankiteo.com/company/thales-alenia-space

European Space Agency TPRM report: https://www.rankiteo.com/company/european-space-agency

SkyLabs TPRM report: https://www.rankiteo.com/company/skylabs.si

"id": "deispatelairthaeursky1767888882",
"linkid": "deimos-imaging, spacex, teledyne, airbus-defence-and-space---intelligence, thales-alenia-space, european-space-agency, skylabs.si",
"type": "Breach",
"date": "9/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"

{'affected_entities': [{'industry': 'Aerospace/Defense',
                        'location': 'Europe',
                        'name': 'European Space Agency (ESA)',
                        'size': 'Large',
                        'type': 'Government Agency'},
                       {'industry': 'Aerospace/Defense',
                        'name': 'Airbus Group',
                        'size': 'Large',
                        'type': 'Contractor'},
                       {'industry': 'Aerospace',
                        'name': 'SpaceX',
                        'size': 'Large',
                        'type': 'Contractor'},
                       {'industry': 'Aerospace/Technology',
                        'name': 'Teledyne',
                        'size': 'Large',
                        'type': 'Contractor'},
                       {'industry': 'Satellite Imaging',
                        'name': 'Deimos Imaging',
                        'type': 'Contractor'},
                       {'industry': 'Aerospace/Defense',
                        'name': 'Thales Alenia Space',
                        'size': 'Large',
                        'type': 'Contractor'},
                       {'industry': 'Aerospace/Technology',
                        'name': 'SkyLabs',
                        'type': 'Contractor'}],
 'attack_vector': 'Unremediated vulnerability',
 'data_breach': {'data_exfiltration': 'Yes',
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': ['Internal files',
                                              'Operational procedures',
                                              'Earth Observation satellite '
                                              'constellation details',
                                              'System capabilities',
                                              'Security protocols',
                                              'Satellite orientation and '
                                              'position management files',
                                              'Sensitive mission-related '
                                              'information']},
 'date_detected': '2023-09',
 'description': 'The European Space Agency (ESA) disclosed plans to call for a '
                'criminal inquiry over the Scattered Lapsus$ Hunters hacking '
                "group's claims of compromising 500 GB of sensitive data from "
                'its servers through an unremediated vulnerability in '
                'September. The stolen data includes internal files and '
                'documents from contractors such as Airbus Group, SpaceX, '
                'Teledyne, Deimos Imaging, Thales Alenia Space, and SkyLabs, '
                'covering operational procedures, Earth Observation satellite '
                'constellation details, system capabilities, security '
                'protocols, and sensitive mission-related information.',
 'impact': {'brand_reputation_impact': 'High',
            'data_compromised': '500 GB',
            'legal_liabilities': 'Potential',
            'operational_impact': 'Compromise of sensitive mission and '
                                  'operational data',
            'systems_affected': 'External servers'},
 'investigation_status': 'Ongoing',
 'references': [{'source': 'The Register'}, {'source': 'BreachForums'}],
 'regulatory_compliance': {'legal_actions': 'Potential criminal inquiry'},
 'response': {'law_enforcement_notified': 'Planned (criminal inquiry)'},
 'threat_actor': 'Scattered Lapsus$ Hunters',
 'title': 'ESA Data Breach by Scattered Lapsus$ Hunters',
 'type': 'Data Breach'}