Microsoft analysts report that vulnerabilities in the long-forgotten Boa web server, which was deprecated in 2005, are being used to hack organizations in the energy sector.
Back in 2021, Recorded Future discovered a Chinese hacking group that was attacking power grids in India. In April 2022, the same researchers published a new report describing attacks against the Indian energy sector launched by another “government hacker” from China.
In that campaign, the attackers targeted several Indian power grid operators and compromised the national emergency response system, as well as a subsidiary of an unnamed logistics company.
Let me remind you that we also said that Chinese Government Hackers Successfully Spy on Organizations in Europe, Australia and Southeast Asia, and also that China uses the Great Cannon again for DDoS attacks.
Recorded Future specialists did not report anything about the attack vector used by the hackers, but now Microsoft Security Threat Intelligence analysts write that the attackers used a vulnerable component of the Boa open-source web server. Its development was discontinued back in 2005, but Boa is still used by many IoT devices (from routers to smart cameras), as it is included in popular SDKs.
Because Boa is one of the components used to log in to and access the management interfaces of IoT devices, a vulnerable web server on those devices greatly increases the risk of critical infrastructure being compromised through them.
According to Microsoft, more than 1 million Boa server components accessible via the Internet were discovered worldwide in just a week.
Essentially, an unauthenticated attacker could exploit these vulnerabilities to obtain user credentials and then use them to remotely execute code. For example, in one of the latest attacks using these vulnerabilities, Hive ransomware operators compromised Tata Power, India’s largest energy company.