Hackers Use SAP Flaw to Breach Linux, Plant Malware

Hackers used an SAP flaw to breach a U.S.-based chemicals company’s network in April 2025, exploiting a now-patched vulnerability in SAP NetWeaver. The attackers deployed the Auto-Color backdoor on Linux systems over a three-day period, gaining unauthorized access and attempting to download suspicious files. The intrusion involved direct communication with malicious infrastructure linked to the malware.

The threat actors moved quickly once inside the network. Investigators observed that the attackers leveraged the compromised environment to distribute Auto-Color and maintain persistent access. Hackers use SAP flaw tactics like this to target enterprise-grade software, even after patches are released.

Security analysts tracked the attackers’ movements in real time, identifying evidence of multiple file download attempts and outbound connections to known Auto-Color nodes. The incident highlights the importance of timely patching and continuous monitoring in corporate IT environments.

For the full report and technical analysis, read the official article at the link below.
https://thehackernews.com/2025/07/hackers-exploit-sap-vulnerability-to.html