[ad_1]
This week, Microsoft warned that millions of web server implementations outdated for 17 years are vulnerable to intrusion. Hackers are exploiting the open-source Boa web servers commonly used in internet of things (IoT) devices to enable user access to settings, management consoles and sign-in screens.
Microsoft zeroed in on the threat following an investigation into an April 2022 Recorded Future report that detailed malicious cyberactivity against India’s electric grids by Chinese state-sponsored groups. The IP addresses and indicators of compromise shared by Recorded Future led them to uncover the use of the abandoned Boa web servers.
The company found that the vulnerable Boa servers, despite being discontinued in 2005, are still built into popular software development kits (SDKs) and are thus leveraged across a host of IoT devices such as routers, cameras, access points, and more, making it a supply chain security issue.
Redmond identified over one million internet-exposed Boa web servers. A search on Shodan delivers over 1.58 million results.
A cyberattack by Chinese threat actors is suspected of having caused the October 2020 blackout in India’s financial capital Mumbai amid a high-altitude standoff due to border disputes between the two most-populated countries.
Recorded Future’s assessment revealed that since December 2021, Chinese threat actors had used the ShadowPad trojan against the Indian power grid in the Ladakh sector thrice, albeit unsuccessfully. The same hackers also compromised a national emergency response system and an Indian subsidiary of a multinational logistics company.
More recently, the Hive ransomware gang targeted Tata Power, a prominent Indian power company, in October 2022, stealing and leaking employees’ personally identifiable information (PII), salary details, their national identification document numbers (Aadhar), PAN (a unique tax identifier), the company’s financial data, some engineering…
..
[ad_2]
