- Hackers are using increasingly sophisticated tactics, making cybersecurity more critical than ever
- Cybercriminal organizations disrupt global economies by targeting industries like healthcare, finance, and government
- Hackers manipulate human behavior to trick individuals into disclosing sensitive information or access credentials
A new wave of cyberattacks targeting British companies has been described as a “critical national security threat” by an analyst speaking to Sky News. The attacks follow the discovery of a previously unknown vulnerability in widely used software.
Unlike the recent ransomware attacks on M&S, Co-op, and Harrods, this incident involved remote code execution, where hackers gain control of devices and networks over the internet to execute potentially harmful programs or steal data. The exploit, uncovered by Arda Buyukkaya from cybersecurity firm EclecticIQ, took advantage of a hidden backdoor in SAP Netweaver software, though a patch has since been released.
Cody Barrow, CEO of EclecticIQ and former Pentagon, NSA, and US Cyber Command official, told Sky News that governments should consider this a significant national security threat, noting that it’s the kind of issue that keeps experts like him awake at night. He emphasized that the exploitation of these networks is extensive, with over 500 SAP customers affected, and possibly many more at risk. He urged users to update to the latest software version. Victims of the attack include companies like gas giant Cadent, News UK, Euro Garages, Johnson Matthey, and Ardagh Metal, with additional targets in the US and Saudi Arabia.
NHS England has issued a warning about the exploit, although it’s unclear if they were directly impacted. The National Cyber Security Centre (NCSC), part of the UK’s GCHQ, is actively monitoring the situation. An NCSC spokesperson advised organizations to follow best practices to mitigate the vulnerability and reduce the risk of malicious activity.
The backdoor exploit was first detected early in the year and became more widespread in March. JP Perez-Etchegoyen, CTO of Onapsis, a firm specializing in SAP cybersecurity, told Sky News that the vulnerability had been actively exploited since then.
Cabinet minister Pat McFadden recently warned that the cyberattacks on M&S, Co-op, and Harrods should serve as a “wake-up call” for businesses. Spokespersons for Cadent, News UK, and other affected companies have declined to comment, though Cadent is working with the NCSC on cybersecurity.
Initial investigations have linked the attacks to Chinese cyber-espionage groups, based on Chinese-named files found in the hacks and the tactics used by the attackers. These groups are believed to target critical infrastructure, steal sensitive data, and maintain long-term access to valuable networks globally. In the UK, targeted sectors include gas distribution, water, and waste management utilities.
SAP has acknowledged the vulnerability in SAP Netweaver’s Visual Composer component and issued patches in April and May 2025. They urged customers to install the updates to protect their systems. The Chinese embassy in London has been contacted for a statement.
