A fresh wave of cyber attacks against British companies has been labeled as a “critical national security threat” by an analyst speaking to Sky News. This latest threat comes on the heels of the discovery of a previously unknown vulnerability in software that is widely used by hundreds of companies. Unlike the recent ransomware attacks on M&S, Co-op, and Harrods, this new incident involves remote code execution. In simpler terms, hackers are gaining control of devices and networks over the internet to potentially run harmful programs or steal valuable data and information.
The revelation of this event was made by Arda Buyukkaya, an analyst at cybersecurity firm EclecticIQ. The exploit used a backdoor in a software known as SAP Netweaver, for which a patch has since been released. Cody Barrow, the CEO of EclecticIQ, who has a background working with prestigious organizations like the Pentagon, NSA, and US Cyber Command, emphasized the severity of the situation by stating that governments should view this as a critical national security issue. He highlighted the gravity of the scenario, indicating that it is the type of threat that keeps security experts awake at night.
According to Mr. Barrow, the exploitation of networks is widespread and ongoing, with over 500 SAP customers affected and more potentially at risk. He urged users to promptly update their software to the latest version to safeguard against further breaches. Companies such as Cadent, News UK, Euro Garages (EG) Group, Johnson Matthey, and Ardagh Metal have been identified as victims, with entities in the US and Saudi Arabia also falling prey to these cyber attacks. NHS England has issued a warning regarding the exploit on their website, although it remains unclear if they have been impacted. The National Cyber Security Centre (NCSC), which is part of GCHQ and serves as the UK government’s authority on cyber threats, is actively monitoring the situation.
An NCSC spokesperson informed Sky News that they are closely monitoring the impact in the UK following reports of a critical vulnerability in SAP NetWeaver being actively exploited. The NCSC is urging organizations to adhere to best practices recommended by the vendor to mitigate the vulnerability and potential malicious activities. Vulnerabilities are a common aspect of cybersecurity, and all organizations must devise effective strategies to manage potential security issues. JP Perez-Etchegoyen, the chief technical officer of Onapsis, a company specializing in SAP cybersecurity, disclosed that exploits of the backdoor were initially observed at the beginning of the year and have been escalating since March.
Last week, Cabinet minister Pat McFadden cautioned companies that recent cyber attacks on M&S, Co-op, and Harrods should serve as a “wake-up call” for businesses. While some companies declined to comment on the specific attacks, they have been collaborating with the NCSC on cybersecurity matters. The initial analysis of the exploit linked the attacks to “Chinese cyber-espionage units” based on various indicators such as Chinese-named files detected during the hack and the modus operandi of the hackers. The Chinese groups aim to strategically compromise critical infrastructure, extract sensitive data, and maintain persistent access across high-value networks worldwide.
SAP has acknowledged and addressed vulnerabilities in SAP NetWeaver Visual Composer, issuing patches in April and May 2025. The company has urged all customers using SAP NetWeaver to install these patches for enhanced protection. The Chinese embassy in London has been approached for comment on these developments. The situation remains dynamic, and organizations are advised to remain vigilant and take proactive measures to safeguard their networks against potential cyber threats.
