Boa Web Server
Although the Boa web server was discontinued in 2005, many businesses still use it, because it is bundled in the software development kits (SDKs) of the products they deploy. However, according to the latest report from Microsoft, the Boa web server carries potential risks and is easy for hackers to target. More importantly, Microsoft’s research showed that Indian power companies have faced several attacks because of the web server.
Most recently, Tata Power disclosed a cyber attack by the Hive ransomware group last month. In this case, hackers managed to steal personal details of employees, including Aadhaar numbers, PAN card details, and salary information. Microsoft has confirmed that Tata Power was hosted on Boa web servers, which made it vulnerable and easy to hack due to outdated security protocols. Microsoft claims that over one million devices are still running the outdated Boa web server.
Microsoft warned that malicious hackers are exploiting a discontinued web server found in IoT devices to target organisations in the energy sector, according to a TechCrunch report. In a recently published analysis, researchers described the discovery of a vulnerable open-source component in the Boa web server, which is widely used in a range of routers and security cameras and in software development kits (SDKs).
Researchers identified the component while investigating a suspected Indian electric grid intrusion first detailed by Recorded Future in April, where Chinese state-sponsored attackers used IoT devices, TechCrunch reported. Microsoft said it identified one million Boa server components globally over a week, warning that the vulnerable component poses a “supply chain risk that may affect millions of organisations and devices.” The company continues to see attackers attempting to exploit Boa flaws, which include a high-severity information disclosure bug (CVE-2021-33558) and an arbitrary file access flaw (CVE-2017-9833).
Microsoft on Tuesday disclosed that the intrusion activity aimed at Indian power grid entities earlier this year likely involved the exploitation of security flaws in a now-discontinued web server called Boa. The tech behemoth’s cybersecurity division said the vulnerable component poses a “supply chain risk that may affect millions of organizations and devices.” The findings build on a prior report published by Recorded Future in April 2022, which delved into a sustained campaign orchestrated by suspected China-linked adversaries to strike critical infrastructure organizations in India.
The cybersecurity firm attributed the attacks to a previously undocumented threat cluster called Threat Activity Group 38. While the Indian government described the attacks as unsuccessful “probing attempts,” China denied it was behind the campaign.