China-based Hack Targets UK Companies in 'Critical National Security Threat'
A new wave of cyber attacks against British companies has been revealed, with a "critical national security threat" identified by an analyst. Unlike recent attacks on Marks & Spencer (M&S), Co-op, and Harrods, which were carried out using ransomware, the latest incident involves remote code execution - a more sinister form of hacking.
The attack, exposed by cybersecurity firm EclecticIQ, used a previously unknown backdoor in software called SAP NetWeaver to gain control of devices and networks. In a remote code execution attack, hackers take over internet-connected systems to run malicious programs or steal sensitive data. The vulnerability has been patched by the software's developer, but experts warn that many companies are still at risk.
According to EclecticIQ's chief executive, Cody Barrow, a seasoned cybersecurity expert who previously worked at the Pentagon, NSA, and US Cyber Command, this is a scenario that keeps people like him up at night. "Governments should treat this as a critical national security threat," he said, adding that the exploitation of networks is "extensive and ongoing", with over 500 SAP customers affected and potentially many more.
Several major UK companies have been targeted, including gas giant Cadent, publishers News UK, Euro Garages Group, Johnson Matthey, and Ardagh Metal. The attacks were also directed at US and Saudi Arabian entities. NHS England has posted a warning about the exploit on its website, although it's unclear if it is directly affected.
The National Cyber Security Centre (NCSC), which monitors cyber threats for the UK government, is keeping an eye on the situation. An NCSC spokesperson told Sky News: "We're monitoring for UK impact following reports of a critical vulnerability affecting SAP NetWeaver being actively exploited." The NCSC strongly advises organisations to follow vendor best practice to mitigate the risk and potential malicious activity.
JP Perez-Etchegoyen, chief technical officer at Onapsis - which specializes in the cybersecurity of SAP - said that exploits of the backdoor were first observed at the start of this year and began to increase in March. Last week, Cabinet minister Pat McFadden warned companies that recent cyber attacks on M&S, Co-op, and Harrods should be a "wake-up call" for businesses.
The Background: Chinese Cyber-Espionage Units
Analysts have linked the attacks to "Chinese cyber-espionage units", based on factors such as Chinese-named files identified as part of the hack, and the way the hackers operated. The aim of these groups is to "operate strategically to compromise critical infrastructure, exfiltrate sensitive data, and maintain persistent access across high-value networks worldwide", according to an initial summary.
The targets in the UK included critical gas distribution networks, water and integrated waste management utilities. The attacks are believed to be part of a broader strategy by China-backed cyber groups to gather sensitive information and disrupt critical infrastructure.
What Can You Do?
SAP has issued patches for both vulnerabilities, urging customers to install them to protect themselves. Experts warn that this is not just a matter of keeping software up-to-date but also taking other security measures to prevent similar attacks in the future.
A spokesperson for News UK, one of the affected companies, declined to comment on the specific attack. However, the company works with the NCSC on cyber security issues.
The Chinese embassy in London has been approached for comment, but so far, there is no official response.
Cybersecurity Experts Weigh In
Cody Barrow, CEO of EclecticIQ, stressed that vulnerabilities are a common aspect of cybersecurity and that all organisations must consider how to manage potential security issues. "This is not just about the attack itself but also about the broader context," he said.
JP Perez-Etchegoyen added: "The key takeaway is that this vulnerability has been patched, but we need to be vigilant and keep monitoring for similar attacks." He urged companies to take proactive measures to strengthen their security posture.