Chinese state-backed hackers are exploiting a critical SAP vulnerability (CVE-2024-4584) to conduct global espionage, targeting organizations across sectors like government, defense, and critical infrastructure. This ongoing campaign involves sophisticated malware deployment, backdoors, and persistent access methods, emphasizing the need for urgent security patching.
Affected: SAP NetWeaver Application Server Java systems, organizations using SAP systems.
Key points
- Chinese government-backed hackers, known as "Salt Typhoon," are actively exploiting a critical SAP vulnerability (CVE-2024-4584) for espionage purposes.
- The vulnerability affects SAP NetWeaver Application Server Java 7.5 and has a severity score of 9.8/10 on the CVSS scale.
- Exploitation allows remote code execution without authentication, leading to potential data breaches, system control, and lateral network movement.
- The U.S. CISA has listed this vulnerability as actively exploited and requires federal agencies to patch systems by June 3, 2025.
- SAP released a security patch on April 9, 2025; however, many organizations have yet to update their systems, leaving them vulnerable.
- Attackers deploy advanced malware and web shells to maintain persistent, undetected access to compromised networks.
- The campaign mainly targets strategic sectors such as government, defense, tech, and critical infrastructure for intelligence gathering.
- Experts recommend immediate patching, network segmentation, enhanced monitoring, and thorough log reviews to defend against such threats.
Read More: https://www.webpronews.com/chinese-hackers-exploit-critical-sap-flaw-in-global-espionage-campaign/