Malicious Cyber Activity Targeting Critical SAP Applications

Original release date: April 6, 2021

SAP systems running outdated or misconfigured software are exposed to increased risks of malicious attacks. SAP applications help organizations manage critical business processes—such as enterprise resource planning, product lifecycle management, customer relationship management, and supply chain management.  

On April 6 2021, security researchers from Onapsis, in coordination with SAP, released an alert detailing observed threat actor activity and techniques that could lead to full control of unsecured SAP applications. Impacted organizations could experience:

  • theft of sensitive data, 
  • financial fraud, 
  • disruption of mission-critical business processes,
  • ransomware, and
  • halt of all operations. 

CISA recommends operators of SAP systems review the Onapsis Alert Active Cyberattacks on Mission-Critical SAP Applications for more information and apply necessary updates and mitigations. 

See CISA’s previous alerts on SAP:

This product is provided subject to this Notification and this Privacy & Use policy.