Archived Content

In an effort to keep CISA.gov current, the archive contains outdated information that may not reflect current policy or programs.
Alert

Malicious Cyber Activity Targeting ERP Applications

Last Revised

Digital Shadows Ltd. and Onapsis Inc. have released a report describing an increase in the exploitation of vulnerabilities in Enterprise Resource Planning (ERP) applications. ERP applications help organizations manage critical business processes—such as product lifecycle management, customer relationship management, and supply chain management. An attacker can exploit these vulnerabilities to obtain access to sensitive information.

NCCIC encourages users and administrators to review the Digital Shadows and Onapsis report, Exploitation of Enterprise Resource Planning Business Applications, and NCCIC Alert TA16-132A: Exploitation of SAP Business Applications, for further information and recommendations on protecting ERP applications.