SAP Cyberattack Spreads, Echoes Typhoon APT Tactics

A wave of zero-day cyberattacks targeting SAP, Europe’s largest software maker, is expanding, with hundreds of victims identified globally. The scale and sophistication of the campaign have drawn comparisons to operations conducted by Salt Typhoon and Volt Typhoon—advanced threat groups linked to state-backed cyber activity. Although the full extent of the breach remains unclear, the emergence of numerous casualties suggests a widespread and coordinated assault on enterprise software systems.

The attacks exploited previously unknown vulnerabilities, allowing unauthorized access to SAP environments across multiple regions. Security analysts are closely monitoring the situation as more affected organizations continue to surface. The breach underscores the growing threat posed by highly skilled adversaries targeting critical software infrastructure.

SAP has not released detailed statements on the impact, but cybersecurity experts warn that the incident could have long-term implications for customers relying on the company’s platforms. Investigations are ongoing as authorities assess the breadth of the compromise.