Microsoft has tied an attack on seven facilities managing the electricity grid in Northern India to a vulnerability affecting a web server discontinued in 2005 but still used widely by vendors across a variety of IoT devices and popular software development kits.
https://therecord.media/microsoft-attributes-alleged-chinese-attack-on-indian-power-grid-to-boa-iot-...
For those who may not know what Boa is, here is an explanation:
Boa is an open-source, small-footprint web server, discontinued since 2005, that is suitable for embedded applications. Originally written by Paul Phillips, it was previously maintained by Larry Doolittle and Jon Nelson. Slashdot and Fotolog use Boa to serve images.
A second article on the topic can be found here:
https://thehackernews.com/2022/11/hackers-exploiting-abandoned-boa-web.html
For those who support SCADA systems, this is a reminder that open-source software can become legacy and unsupported, leaving it open to vulnerabilities.