# Malicious Cyber Activity Targeting Critical SAP Applications

**[us-cert.cisa.gov/ncas/current-activity/2021/04/06/malicious-cyber-activity-targeting-critical-sap-applications](https://us-cert.cisa.gov/ncas/current-activity/2021/04/06/malicious-cyber-activity-targeting-critical-sap-applications)**

An official website of the United States government Here's how you know

**Official websites use .gov**

A .gov website belongs to an official government organization in the United States.

**Secure .gov websites use HTTPS**

A lock ( **) or https:// means you've safely connected to the .gov website. Share sensitive**
information only on official, secure websites.

[CISA.gov](https://www.cisa.gov/) [Services](https://us-cert.cisa.gov/services) [Report](https://us-cert.cisa.gov/report)

SAP systems running outdated or misconfigured software are exposed to increased risks of
malicious attacks. SAP applications help organizations manage critical business processes
—such as enterprise resource planning, product lifecycle management, customer
relationship management, and supply chain management.

On April 6 2021, security researchers from Onapsis, in coordination with SAP, released an
[alert detailing observed threat actor activity and techniques that could lead to full control of](https://www.onapsis.com/active-cyberattacks-mission-critical-sap-applications)
unsecured SAP applications. Impacted organizations could experience:

theft of sensitive data,
financial fraud,
disruption of mission-critical business processes,
ransomware, and
halt of all operations.


-----

CISA recommends operators of SAP systems review the Onapsis Alert Active Cyberattacks
on Mission-Critical SAP Applications for more information and apply necessary updates and
mitigations.

See CISA’s previous alerts on SAP:

[This product is provided subject to this Notification and this](https://us-cert.cisa.gov/privacy/notification) [Privacy & Use policy.](https://www.dhs.gov/privacy-policy)

**Please share your thoughts.**

[We recently updated our anonymous product survey; we'd welcome your feedback.](https://www.surveymonkey.com/r/CISA-cyber-survey?product=https://us-cert.cisa.gov/ncas/current-activity/2021/04/06/malicious-cyber-activity-targeting-critical-sap-applications)


-----