Microsoft warned that malicious hackers are exploiting a discontinued web server found in IoT devices targeting organisations in the energy sector, according to a TechCrunch report.
Microsoft researchers mentioned in an analysis published recently about the discovery of a vulnerable open-source component in the Boa web server, widely used in a range of routers and security cameras, and software development kits (SDKs).
Researchers identified the component while investigating a suspected Indian electric grid intrusion first detailed by Recorded Future in April, where Chinese state-sponsored attackers used IoT devices, TechCrunch reported.
Microsoft said it identified one million Boa server components globally over a week, warning that the vulnerable component poses a “supply chain risk that may affect millions of organisations and devices.” The company continues to see attackers attempting to exploit Boa flaws, which include a high-severity information disclosure bug (CVE-2021-33558) and arbitrary file access flaw (CVE-2017-9833).
Also read: How to activate 5G on iPhones
“The known (vulnerabilities) impacting such components can allow an attacker to collect information about network assets before initiating attacks, and to gain access to a network undetected by obtaining valid credentials,” Microsoft said.
Tech Crunch quoted a recent attack Microsoft observed was the compromise of Tata Power in October. This breach resulted in the Hive ransomware group publishing data stolen from the Indian energy giant, which included sensitive employee information, engineering drawings, financial and banking records, client records, and some private keys.
“Microsoft continues to see attackers attempting to exploit Boa vulnerabilities beyond the timeframe of the released report, indicating that it is still targeted as an attack vector,” the company said.