As you may have heard the Italian surveillance and intrusion software firm Hacking Team was hacked last week and 400GB of stolen internal company files were posted on the Internet. For example more than 1 million emails were made search-able by Wikileaks.
Driven by an interest for SAP Security I was curious to see if there was SAP related information in this scarce resource of emails from this shady company.
As it turns out there IS an interest in SAP specific targets, vulnerabilities, exploits and tooling. For example the SAP Metasploit modules are found to be “Interesante“, it even seems they are actively targeting a specific SAP system and new tools related to SAP Security are actively followed.
Conclusions cannot really be drawn from these few emails, but in general it seems that also in this specific case SAP systems are of interest to companies like Hacking Team. Protecting yourself from these specialized companies can be a daunting task but don’t let that be an excuse to not do anything. SAP Security guides and additional documentation are available. Also SAP just recently release a SAP Security Baseline that can be of help for your organization.
So make sure your SAP Security is tight and up-to-date to minimize risks!
P.S. If you want to search through this vast resource of interesting emails yourself, see https://wikileaks.org/hackingteam/emails/.