A massive Chinese cyberattack campaign targeting hundreds of UK firms has exposed critical vulnerabilities in corporate networks, with hackers exploiting previously unknown weaknesses in SAP NetWeaver software to gain unauthorized access.
Over 500 SAP customers have been confirmed affected, including prominent organizations such as gas giant Cadent, News UK, Euro Garages Group, Johnson Matthey, and Ardagh Metal, raising serious concerns about national security implications.
Unlike traditional ransomware attacks, the hackers employed sophisticated remote code execution techniques to infiltrate networks and potentially extract sensitive data. The previously undiscovered backdoor in SAP NetWeaver software allowed unauthorized remote access, permitting attackers to run malicious programs and exfiltrate information without deploying conventional ransomware tools.
The scale of these attacks has been particularly concerning, with cybersecurity analysts reporting up to 300% increases in attacks across financial, media, manufacturing, and industrial sectors in 2024.
Cybersecurity experts warn of tripled attack rates targeting key UK sectors, signaling unprecedented threats to industrial and financial infrastructure.
The campaign has extended beyond corporate targets to affect critical national infrastructure, including gas distribution networks, publishing houses, and retail operations, as well as compromising UK telecom and internet service providers.
Intelligence reports attribute these attacks to China-based hacking groups, some operating as state-backed advanced persistent threats (APTs).
Chinese cyber espionage operations have surged by 150% in 2024, with leaked chat logs revealing access to vulnerabilities in key UK government organizations, including the Foreign Office and British Treasury.
The NCSC is monitoring the concerning developments and providing guidance to affected organizations.
The UK government’s response has been measured, with authorities often withholding details of Chinese-linked intrusions, citing national security concerns.
Security analysts are advising organizations to treat Chinese cyber operations as persistent, ongoing threats to critical infrastructure.
The Flax Typhoon botnet operation, involving over 260,000 devices globally with approximately 8,500 in the UK, demonstrates the expanding scope of Chinese cyber capabilities.
Although patches for the exploited SAP vulnerability have been released, exposure remains significant for unpatched systems, prompting urgent calls for improved cybersecurity measures across affected sectors.
The involvement of Chinese contractors, with competing groups vying for state-sponsored work, suggests a coordinated effort to gather intelligence and potentially disrupt critical services, marking this campaign as a significant escalation in cyber threats against UK interests.