We were able to identify a diverse number of campaigns, leveraging different techniques and procedures. The vulnerabilities that were individually identified are the Invoker Servlet in SAP Applications (CVE-2010-5326), the SOAPRFC exploit through metasploit and the lack of password hygiene (default/weak usernames and passwords).
Despite those uniquely identified vulnerabilities, attackers could target one of thousands of ERP vulnerabilities, therefore making it crucial for organizations to not only focus on those three but instead should prioritize and address ERP vulnerabilities as they would any other existing production application.