Microsoft attributes alleged Chinese attack on Indian power grid to ‘Boa’ IoT vulnerability
Microsoft has tied an attack on seven facilities managing the electricity grid in Northern India to a vulnerability affecting a web server discontinued in 2005 but still used widely by vendors across a variety of IoT devices and popular software development kits.
For those that may not know what Boa is, here is an explanation:
Boa is a discontinued since 2005 open-source small-footprint web server that is suitable for embedded applications. Originally written by Paul Phillips, it was previously maintained by Larry Doolittle and Jon Nelson. Slashdot and Fotolog use Boa to serve images.