Microsoft says hackers are attacking energy networks using decades-old software


Microsoft said this week that the technology, which was discontinued in 2005, is still widely used and poses threats and vulnerabilities to the power grid and petroleum industry.

According to the tech giant, malicious hackers gain access to secure networks and devices through common Internet of Things or IoT devices before deploying payloads.

The new Microsoft Windows 11 operating system will be available in France from October 5, 2021

Microsoft said it looked at a Recorded Future report published in April 2022 that detailed a suspected intrusion into India’s power grid and found a common component that is vulnerable: the Boa web server.

Security experts reveal the TikTok setting that exposes your data – and how to disable it

Boa servers are used to access settings, management consoles and login screens on devices, Microsoft said, and despite being discontinued in 2005, vendors are deploying them.

The Boa vulnerability allows hackers to gain access to a network by collecting data from files.

The Boa vulnerability allows hackers to gain access to a network by collecting data from files.

Read more Fox Business app

When Microsoft examined the Recorded Future report, it found that the Indian incident was one of several intrusion attempts to access infrastructure on the subcontinent. The most recent attack was in October 2022.

Fear of technical manipulation by China threatens everyone: British spy chief

Some of the information obtained from Indian Energy during the hack included sensitive employee information, financial data, customer data, technical drawings and private keys.

What all the IP addresses evaluated by Microsoft had in common was that they all ran Boa servers. Another analysis found that 10% of IP addresses returned connections to key industries, such as the petroleum industry.

Also read  Microsoft Corporation (NASDAQ:MSFT) insiders sold $30 million worth of stock, signaling impending weakness.

Microsoft headquarters

A building at Microsoft’s headquarters is pictured on July 17, 2014 in Redmond, Washington.

Those same IP addresses were tied to IoT devices, such as routers with unpatched vulnerabilities.

Microsoft sees attackers trying to exploit Boa vulnerabilities. “The popularity of the Boa web server is of particular concern because Boa has been formally discontinued since 2005.”

Click here to read more about Fox Business

Microsoft said its Defender Threat Intelligence platform found more than 1 million Internet-exposed Boa server components worldwide within a week.

The largest share of those components was in India, while the US, Brazil and South America also showed large numbers.

To address these vulnerable components, Microsoft suggested organizations and network operators patch vulnerable devices and, if possible, find devices with vulnerable components and add measures to identify and detect malicious activity.




Leave a Comment