This week, Microsoft warned that millions of web server implementations that have been outdated for 17 years are vulnerable to intrusion. Hackers are exploiting the open-source Boa web server, which is commonly used in internet of things (IoT) devices to give users access to settings, management consoles and sign-in screens.
Microsoft zeroed in on the threat following an investigation into an April 2022 Recorded Future report that detailed malicious cyberactivity against India’s electric grids by Chinese state-sponsored groups. The IP addresses and indicators of compromise shared by Recorded Future led Microsoft to uncover the use of the abandoned Boa web servers.
The company found that the vulnerable Boa servers, despite being discontinued in 2005, are still built into popular software development kits (SDKs) and are thus used across a host of IoT devices such as routers, cameras, access points, and more, which makes this a supply chain security issue.
Redmond identified over one million internet-exposed Boa web servers. A search on Shodan delivers over 1.58 million results.
A cyberattack by Chinese threat actors is suspected of having caused the October 2020 blackout in…