SAP cyberattack widens, drawing Salt Typhoon and Volt Typhoon comparisons | CyberScoop<\/title> <meta name=\"description\" content=\"Hundreds of victims are surfacing across the world from zero-day cyberattacks on Europe\u2019s biggest software manufacturer and company.\"> <link rel=\"canonical\" href=\"https:\/\/cyberscoop.com\/sap-cyberattack-widens-drawing-salt-typhoon-and-volt-typhoon-comparisons\/\"> <meta property=\"og:locale\" content=\"en_US\"> <meta property=\"og:type\" content=\"article\"> <meta property=\"og:title\" content=\"SAP cyberattack widens, drawing Salt Typhoon and Volt Typhoon comparisons\"> <meta property=\"og:description\" content=\"Hundreds of victims are surfacing across the world from zero-day cyberattacks on Europe\u2019s biggest software manufacturer and company.\"> <meta property=\"og:url\" content=\"https:\/\/cyberscoop.com\/sap-cyberattack-widens-drawing-salt-typhoon-and-volt-typhoon-comparisons\/\"> <meta property=\"og:site_name\" content=\"CyberScoop\"> <meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/cyberscoop\/\"> <meta property=\"article:published_time\" content=\"2025-05-15T17:30:42+00:00\"> <meta property=\"article:modified_time\" content=\"2025-05-15T17:45:21+00:00\"> <meta property=\"og:image\" content=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/05\/sap-cyberattack-widens-drawing-salt-typhoon-and-volt-typhoon-comparisons-2.jpg\"> <meta property=\"og:image:width\" content=\"1920\"> <meta property=\"og:image:height\" content=\"1244\"> <meta property=\"og:image:type\" content=\"image\/jpeg\"> <meta name=\"author\" content=\"Tim Starks\"> <meta name=\"twitter:card\" content=\"summary_large_image\"> <meta name=\"twitter:creator\" content=\"@timstarks\"> <meta name=\"twitter:site\" content=\"@CyberScoopNews\">  <link rel=\"dns-prefetch\" href=\"\/\/securepubads.g.doubleclick.net\">\n<link rel=\"dns-prefetch\" href=\"\/\/use.typekit.net\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Feed\" href=\"https:\/\/cyberscoop.com\/feed\/\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Comments Feed\" href=\"https:\/\/cyberscoop.com\/comments\/feed\/\"> <link rel=\"stylesheet\" id=\"all-css-2\" href=\"https:\/\/cyberscoop.com\/wp-includes\/css\/dist\/block-library\/style.min.css?m=1746040294g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-6\" href=\"https:\/\/cyberscoop.com\/wp-content\/mu-plugins\/search\/elasticpress\/dist\/css\/related-posts-block-styles.min.css?m=1747157649g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-8\" href=\"https:\/\/cyberscoop.com\/wp-content\/themes\/scoopnewsgroup\/dist\/css\/frontend.css?m=1747161863g\" type=\"text\/css\" media=\"all\">\n<link rel=\"stylesheet\" id=\"typekit-css\" href=\"https:\/\/use.typekit.net\/itk2qbh.css?ver=13897d660a0ac2c9c7d1\" media=\"all\"> <link rel=\"https:\/\/api.w.org\/\" href=\"https:\/\/cyberscoop.com\/wp-json\/\"><link rel=\"alternate\" title=\"JSON\" type=\"application\/json\" href=\"https:\/\/cyberscoop.com\/wp-json\/wp\/v2\/posts\/84541\"><link rel=\"EditURI\" type=\"application\/rsd+xml\" title=\"RSD\" href=\"https:\/\/cyberscoop.com\/xmlrpc.php?rsd\">\n<meta name=\"generator\" content=\"WordPress 6.8.1\">\n<link rel=\"shortlink\" href=\"https:\/\/cyberscoop.com\/?p=84541\">\n<link rel=\"alternate\" title=\"oEmbed (JSON)\" type=\"application\/json+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Fsap-cyberattack-widens-drawing-salt-typhoon-and-volt-typhoon-comparisons%2F\">\n<link rel=\"alternate\" title=\"oEmbed (XML)\" type=\"text\/xml+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Fsap-cyberattack-widens-drawing-salt-typhoon-and-volt-typhoon-comparisons%2F&format=xml\">   <link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=32\" sizes=\"32x32\">\n<link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=192\" sizes=\"192x192\">\n<link rel=\"apple-touch-icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=180\">\n<meta name=\"msapplication-TileImage\" content=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=270\"> <\/head><body class=\"wp-singular post-template-default single single-post postid-84541 single-format-standard wp-theme-scoopnewsgroup wp-child-theme-cyberscoop\" id=\"readabilityBody\"> <a href=\"https:\/\/cyberscoop.com\/sap-cyberattack-widens-drawing-salt-typhoon-and-volt-typhoon-comparisons\/#main\" class=\"skip-to-content-link visually-hidden-focusable\">Skip to main content<\/a> <\/p>\n<div class=\"ad ad--top ad--top-desktop\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p> <main id=\"main\" role=\"main\" tabindex=\"-1\"> <\/p>\n<div class=\"ad ad--top ad--top-mobile\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<section id=\"stickybar\" class=\"stickybar stickybar--event js-stickybar\">\n<div class=\"stickybar__details\" readability=\"4.9180327868852\">\n<div class=\"stickybar__info js-sticky-bar-content\" readability=\"32\">\n<p>Voting is open for the 2025 CyberScoop 50 awards!<\/p>\n<\/div>\n<p> <a class=\"stickybar__link button button-tertiary\" href=\"https:\/\/cyberscoop.com\/cyberscoop50\/\">Click here!<\/a> <\/div>\n<p> <button class=\"stickybar__close js-stickybar-close\" aria-controls=\"stickybar\"> <svg class=\"icon icon--close\" width=\"21\" height=\"22\" viewBox=\"0 0 21 22\" fill=\"none\"><path d=\"m.822.518-.805.805L9.695 11 .017 20.678l.805.805 9.678-9.678 9.677 9.678.806-.805L11.305 11l9.678-9.677-.806-.805-9.677 9.677L.822.518Z\" fill=\"currentColor\" \/><\/svg> <span class=\"visually-hidden\">Close<\/span> <\/button> <\/section>\n<article class=\"single-article content\">\n<div class=\"single-article__container js-single-article-content\">\n<header class=\"single-article__header \" readability=\"25.110663983903\">\n<div class=\"single-article__header-content\" readability=\"33.270348837209\">\n<p> Multiple firms are tracking the zero-day attacks on Europe\u2019s top software firm. <\/p>\n<p>  <br \/>\n<audio id=\"audio-player\" src=\"https:\/\/wp-tts-cdn.api.scpnewsgrp.com\/cyberscoop\/84541\/english.openai.mp3\"><\/audio> <\/p>\n<div readability=\"11\">\n<div>\n<p>Listen to this article<\/p>\n<p>  <\/p>\n<p>0:00<\/p>\n<\/p><\/div>\n<p>  <\/p>\n<p> <span id=\"tts-tooltip\">Learn more.<\/span> <span> This feature uses an automated voice, which may result in occasional errors in pronunciation, tone, or sentiment. <\/span> <\/p>\n<\/div>\n<p>  <\/div>\n<div class=\"single-article__cover-wrap\">\n<figure class=\"single-article__cover\"> <img data-recalc-dims=\"1\" fetchpriority=\"high\" width=\"640\" height=\"415\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2025\/05\/sap-cyberattack-widens-drawing-salt-typhoon-and-volt-typhoon-comparisons.jpg?resize=640%2C415&ssl=1\" class=\"single-article__cover-image wp-post-image\" alt decoding=\"async\" fetchpriority=\"high\" srcset=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/05\/sap-cyberattack-widens-drawing-salt-typhoon-and-volt-typhoon-comparisons-2.jpg 1920w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/05\/sap-cyberattack-widens-drawing-salt-typhoon-and-volt-typhoon-comparisons-2.jpg?resize=300,194 300w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/05\/sap-cyberattack-widens-drawing-salt-typhoon-and-volt-typhoon-comparisons-2.jpg?resize=768,498 768w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/05\/sap-cyberattack-widens-drawing-salt-typhoon-and-volt-typhoon-comparisons-2.jpg?resize=1024,663 1024w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/05\/sap-cyberattack-widens-drawing-salt-typhoon-and-volt-typhoon-comparisons-2.jpg?resize=1536,995 1536w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/05\/sap-cyberattack-widens-drawing-salt-typhoon-and-volt-typhoon-comparisons-2.jpg?resize=600,389 600w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/05\/sap-cyberattack-widens-drawing-salt-typhoon-and-volt-typhoon-comparisons-2.jpg?resize=259,168 259w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/05\/sap-cyberattack-widens-drawing-salt-typhoon-and-volt-typhoon-comparisons-2.jpg?resize=520,337 520w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/05\/sap-cyberattack-widens-drawing-salt-typhoon-and-volt-typhoon-comparisons-2.jpg?resize=1042,675 1042w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/05\/sap-cyberattack-widens-drawing-salt-typhoon-and-volt-typhoon-comparisons-2.jpg?resize=1301,843 1301w\" sizes=\"(max-width: 1042px) 100vw, 1042px\"><figcaption> Signage at the headquarters of SAP AG, Germany’s largest software company on January 8, 2013 in Walldorf, Germany. (Photo by Thomas Lohnes\/Getty Images) <\/figcaption><\/figure>\n<\/p><\/div>\n<\/header>\n<div class=\"single-article__content\">\n<div class=\"single-article__content-inner has-drop-cap\"> <html readability=\"54.9229079289\"><body readability=\"115.15979496323\"><\/p>\n<p>Hundreds of victims are surfacing across the world from zero-day cyberattacks on Europe\u2019s biggest software manufacturer and company, in a campaign that one leading cyber expert is comparing to the vast Chinese government-linked Salt Typhoon and Volt Typhoon breaches of critical infrastructure.<\/p>\n<p>The zero-days \u2014 vulnerabilities previously unknown to researchers or companies, but that malicious hackers have discovered \u2014 got patches this month and last month, but there are signs <a href=\"https:\/\/cyberscoop.com\/sap-netweaver-zero-day-exploit-cve-2025-31324\/\">it could be getting worse<\/a> before it gets better, according to Dave DeWalt, CEO of NightDragon, a venture capital and advisory firm. Ransomware gangs are now reported to be exploiting it, beyond the original Chinese government-connected attackers.<\/p>\n<p>\u201cThe net of it is this is like the Typhoon size, so much like we saw [with] <a href=\"https:\/\/cyberscoop.com\/tag\/volt-typhoon\/\">Volt Typhoon<\/a> and then <a href=\"https:\/\/cyberscoop.com\/tag\/salt-typhoon\/\">Salt Typhoon<\/a>,\u201d DeWalt told CyberScoop. \u201cOnce these exploits get into the wild, it\u2019s a race to see who can get more access to it. So initially it looks like three Chinese actors all used it, and now we\u2019re going to see more.\u201d<\/p>\n<p>A number of companies have been tracking the vulnerability and its consequences, including one, <a href=\"https:\/\/onapsis.com\/blog\/active-exploitation-of-sap-vulnerability-cve-2025-31324\/\">Onapsis<\/a>, that DeWalt\u2019s company invests in, along with <a href=\"https:\/\/blog.eclecticiq.com\/china-nexus-nation-state-actors-exploit-sap-netweaver-cve-2025-31324-to-target-critical-infrastructures\">EclecticIQ<\/a>, <a href=\"https:\/\/reliaquest.com\/blog\/threat-spotlight-reliaquest-uncovers-vulnerability-behind-sap-netweaver-compromise\/\">ReliaQuest<\/a> and Google\u2019s Mandiant.<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>Onapsis has collaborated with Mandiant to develop an open-source tool to help organizations detect the attack, which is particularly stealthy, according to Mariano Nunez, CEO of Onapsis, who believes there are likely thousands of victims.<\/p>\n<p>\u201cWe\u2019ve discovered that attackers could actually deploy these attacks without even touching or without even creating web shells,\u201d Nunez told CyberScoop. \u201cThey could execute commands in a way that they would not be detected through looking for web shells in the systems or artifacts.\u201d<\/p>\n<p>A couple other things make the vulnerabilities particularly worrisome, DeWalt said. One is that they affect SAP NetWeaver, which he noted sits in the \u201cmiddleware\u201d layer of SAP\u2019s infrastructure and gives attackers a lot of options. <\/p>\n<p>\u200b\u201dI think of this like SolarWinds, where you\u2019re able to get full remote access of the SAP system,\u201d he said. \u201cYou could then modify, delete or insert data into SAP unchecked. You can turn off logging. You can add new administrators. You can exfiltrate. You can infiltrate. You can put code executables into the platform, <a href=\"https:\/\/cyberscoop.com\/solarwinds-supply-chain-treasury-commerce-espionage\/\">very Orion-like<\/a>, as part of the SolarWinds.\u201d<\/p>\n<p>Second, the patches require a full reboot. \u201cNot many companies were willing to do a full reboot of SAP, because these are manufacturing and financial systems, and [there is] lots at stake when you\u2019re doing a reboot like that,\u201d DeWalt said.<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>The victims \u2014 581 of them identified so far by EclecticIQ\u2019s latest but likely just a partial count \u2014 are primarily in the United States, United Kingdom and Saudi Arabia, DeWalt said. They include critical infrastructure owners and operators in the fields of oil and gas, medical device manufacturing, water and waste management and government agencies.<\/p>\n<p>Google Threat Intelligence Group told CyberScoop they have seen successful exploitation of one of the zero-days dating back to March. <\/p>\n<p>\u201cExploitation, thus far, has been successful at posting files and web shells to vulnerable SAP servers, while evidence also suggests actors have been successful at command execution and exfiltrating data,\u201d said Jared Semrau, a senior manager at Google Threat Intelligence Group.<\/p>\n<p>But Nunez said the attacks are across all industries.<\/p>\n<p>Also concerning is that news about the attack became public in late April, but Onapsis traced the attack back to Jan. 20. \u201cThree months is a lot of dwell time in cyber,\u201d DeWalt said. Jan. 20 was Inauguration Day for President Donald Trump, and there\u2019s reason to believe that the attackers were interested in espionage on U.S. tariff negotiations, since much of the activity happened during the height of those talks, DeWalt said.<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>Governments in affected countries have been, or are being, briefed, he said.<\/p>\n<p>SAP is urging users to patch their systems.<\/p>\n<p>\u201cSAP is aware of and has been addressing vulnerabilities in SAP NETWEAVER Visual Composer,\u201d SAP told CyberScoop in a statement. \u201cSAP issued a patch on April 24, 2025. A second vulnerability has also been identified and a patch was released on May 13, 2025. We ask all customers using SAP NETWEAVER to install these patches to protect themselves. The Security Notes <a href=\"https:\/\/www.cve.org\/CVERecord?id=CVE-2025-31324\">can be found here<\/a>.\u201d<\/p>\n<p><\/body> <\/p>\n<footer class=\"single-article__footer\">\n<div class=\"author-card\" readability=\"7.7216117216117\">\n<div class=\"author-card__avatar\">\n<figure class=\"author-card__image-wrap\"> <img data-recalc-dims=\"1\" decoding=\"async\" class=\"author-card__image\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2025\/05\/sap-cyberattack-widens-drawing-salt-typhoon-and-volt-typhoon-comparisons-1.jpg?w=640&ssl=1\" alt=\"Tim Starks\"> <\/figure>\n<\/p><\/div>\n<div class=\"author-card__details\" readability=\"10.901098901099\">\n<h4 class=\"author-card__name\">Written by Tim Starks<\/h4>\n<p> Tim Starks is senior reporter at CyberScoop. His previous stops include working at The Washington Post, POLITICO and Congressional Quarterly. An Evansville, Ind. native, he’s covered cybersecurity since 2003. Email Tim here: <a href=\"mailto:tim.starks@cyberscoop.com\">tim.starks@cyberscoop.com<\/a>. <\/div>\n<\/p><\/div>\n<div class=\"single-article__tags-container\">\n<h4 class=\"single-article__tags-title\">In This Story<\/h4>\n<\/p><\/div>\n<\/footer>\n<p> <\/html><\/div>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"single-article__ads js-single-article-sidebar\">\n<div class=\"ad ad--sidebar js-single-article-sidebar-5 ad--rightrail_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-4 ad--rightrail_2 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-3 ad--rightrail_3 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div><\/div>\n<\/article>\n<section class=\"latest-podcasts\">\n<h2 class=\"latest-podcasts__title\"> Latest Podcasts\t<\/h2>\n<\/section>\n<div class=\"top-categories\">\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Government<\/h3>\n<\/p><\/div>\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Technology<\/h3>\n<\/p><\/div>\n<\/p><\/div>\n<p> <\/main> <\/p>\n<div class=\"ad ad--bottom \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div id=\"interstitial\" class=\"welcome__container\"> <button id=\"close-modal-1\" class=\"welcome__clickable_area\"><\/button> <\/p>\n<div class=\"welcome__ad_wrapper\">\n<p> <button id=\"close-modal-3\" class=\"welcome__continue-button\">Continue to CyberScoop<\/button> <\/p>\n<\/p><\/div>\n<\/p><\/div>\n<p>   <\/body> <a href=\"https:\/\/cyberscoop.com\/sap-cyberattack-widens-drawing-salt-typhoon-and-volt-typhoon-comparisons\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>SAP cyberattack widens, drawing Salt Typhoon and Volt Typhoon comparisons<\/p>\n","protected":false},"author":11,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[271,413,282,2524,387,3729,117,646,1020,4267,1578,4268,46,3827,2953,4197,2290,626,288,971,1498],"tags":[277,415,286,2528,391,3731,119,650,1023,4269,1581,4270,54,3828,2956,4198,2299,631,294,973,1499],"class_list":["post-7644","post","type-post","status-publish","format-standard","hentry","category-china","category-critical-infrastructure","category-cybercrime","category-gas","category-google","category-google-threat-intelligence-group","category-government","category-mandiant","category-medical-devices","category-nightdragon","category-oil","category-onapsis","category-ransomware","category-reliaquest","category-salt-typhoon","category-sap","category-saudi-arabia","category-solarwinds","category-threats","category-united-kingdom-u-k","category-volt-typhoon","tag-china","tag-critical-infrastructure","tag-cybercrime","tag-gas","tag-google","tag-google-threat-intelligence-group","tag-government","tag-mandiant","tag-medical-devices","tag-nightdragon","tag-oil","tag-onapsis","tag-ransomware","tag-reliaquest","tag-salt-typhoon","tag-sap","tag-saudi-arabia","tag-solarwinds","tag-threats","tag-united-kingdom-u-k","tag-volt-typhoon"],"featured_image_urls":{"full":"","thumbnail":"","medium":"","medium_large":"","large":"","1536x1536":"","2048x2048":"","chromenews-featured":"","chromenews-large":"","chromenews-medium":""},"author_info":{"display_name":"Cyber Scoop","author_link":"https:\/\/ddi.mohflo.net\/index.php\/author\/cyberscoop\/"},"category_info":"<a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/china\/\" rel=\"category tag\">China<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/critical-infrastructure\/\" rel=\"category tag\">critical infrastructure<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/cybercrime\/\" rel=\"category tag\">cybercrime<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/gas\/\" rel=\"category tag\">gas<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/google\/\" rel=\"category tag\">Google<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/google-threat-intelligence-group\/\" rel=\"category tag\">Google Threat Intelligence Group<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/government\/\" rel=\"category tag\">Government<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/mandiant\/\" rel=\"category tag\">Mandiant<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/medical-devices\/\" rel=\"category tag\">Medical devices<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/nightdragon\/\" rel=\"category tag\">NightDragon<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/oil\/\" rel=\"category tag\">oil<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/onapsis\/\" rel=\"category tag\">Onapsis<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/ransomware\/\" rel=\"category tag\">ransomware<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/reliaquest\/\" rel=\"category tag\">ReliaQuest<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/salt-typhoon\/\" rel=\"category tag\">Salt Typhoon<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/sap\/\" rel=\"category tag\">SAP<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/saudi-arabia\/\" rel=\"category tag\">Saudi Arabia<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/solarwinds\/\" rel=\"category tag\">SolarWinds<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/threats\/\" rel=\"category tag\">Threats<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/united-kingdom-u-k\/\" rel=\"category tag\">United Kingdom (U.K.)<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/volt-typhoon\/\" rel=\"category tag\">Volt Typhoon<\/a>","tag_info":"Volt Typhoon","comment_count":"0","jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/7644","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/users\/11"}],"replies":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/comments?post=7644"}],"version-history":[{"count":0,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/7644\/revisions"}],"wp:attachment":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/media?parent=7644"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/categories?post=7644"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/tags?post=7644"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}

{"id":7644,"date":"2025-05-15T12:30:42","date_gmt":"2025-05-15T17:30:42","guid":{"rendered":"https:\/\/cyberscoop.com\/?p=84541"},"modified":"2025-05-15T12:30:42","modified_gmt":"2025-05-15T17:30:42","slug":"sap-cyberattack-widens-drawing-salt-typhoon-and-volt-typhoon-comparisons","status":"publish","type":"post","link":"https:\/\/ddi.mohflo.net\/index.php\/2025\/05\/15\/sap-cyberattack-widens-drawing-salt-typhoon-and-volt-typhoon-comparisons\/","title":{"rendered":"SAP cyberattack widens, drawing Salt Typhoon and Volt Typhoon comparisons"},"content":{"rendered":"