Attackers are using decommissioned Boa web server on energy grids

Share post:

Microsoft is warning organizations about the risks associated with the decommissioned Boa web server, which was apparently exploited by threat actors in an operation targeting the energy sector.

Despite the software’s retirement in 2005, Microsoft researchers discovered a vulnerable open-source component in the Boa web server, which is still widely used in a variety of routers and security cameras, as well as popular software development kits (SDKs).

Microsoft also looked into the IP addresses associated with those IoCs and discovered that they were hosting Boa, an open-source web server designed for embedded applications. The issue is that while Boa has been decommissioned since 2005, it is still present in many IoT devices.

While Boa is no longer maintained, vulnerabilities in the web server continue to be discovered, including CVE-2017-9833, which allows arbitrary file access, and CVE-2021-33558, which can result in information disclosure.

An unauthenticated attacker, according to Microsoft, could exploit these vulnerabilities to obtain user credentials and use them for remote code execution.

The flaw was discovered while investigating a possible Indian electric grid intrusion in which Chinese state-sponsored attackers used IoT devices to gain access to operational technology (OT) networks, which are used to monitor and control physical industrial systems.

Other targets included a number of State Load Despatch Centres (SLDCs), which are in charge of grid control and electricity dispatch. Through access to supervisory control and data acquisition (SCADA) systems, these SLDCs maintain grid frequency and stability.

The sources for this piece include an article in TechCrunch.

Featured Tech Jobs



Related articles

Kaspersky uncovers malware targeting iPhones running iOS 15.7 and below

Kaspersky has uncovered a sophisticated malware campaign specifically designed to infect iPhones running up to iOS 15.7 through...

WordPress fixes critical Jetpack plugin vulnerability

WordPress has addressed a critical flaw discovered in the Jetpack plugin, which had the potential to enable authors...

Akamai discovers Dark Frost botnet exploiting gaming platforms

Akamai's security intelligence response team recently has alerted the general public of Dark Frost, a botnet that has...

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways