cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
dcontesti
Community Champion

Microsoft attributes alleged Chinese attack on Indian power grid to ‘Boa’ IoT vulnerability

Microsoft has tied an attack on seven facilities managing the electricity grid in Northern India to a vulnerability affecting a web server discontinued in 2005 but still used widely by vendors across a variety of IoT devices and popular software development kits.

https://therecord.media/microsoft-attributes-alleged-chinese-attack-on-indian-power-grid-to-boa-iot-...

For those that may not know what Boa is, here is an explanation:

Boa is a discontinued since 2005 open-source small-footprint web server that is suitable for embedded applications. Originally written by Paul Phillips, it was previously maintained by Larry Doolittle and Jon Nelson. Slashdot and Fotolog use Boa to serve images.

A second article on the topic can be found here:

https://thehackernews.com/2022/11/hackers-exploiting-abandoned-boa-web.html

For those that support SCADA systems, this is a reminder that Open Source software can become legacy and unsupported, leaving it open to vulnerabilities.

d

0 Replies