Tech »  Topic »  Energy firms hacked via flaws in discontinued server

Energy firms hacked via flaws in discontinued server


(Image credit: Shutterstock)

Software vulnerabilities found in platforms that have been discontinued for almost two decades were used to compromise a number of public and private entities in India, a new report from Microsoft says.

The company found electrical grid operators in India, a national emergency response system, and the subsidiary of a multinational logistics company were all targeted, using flaws found in the Boa web (opens in new tab) server.

The victims were previously identified in an April report, published by cybersecurity company Recorded Future.

Included in SDKs

Boa is an open-source small-footprint web server, suitable for embedded applications. Despite receiving no support, or updates, for years, businesses still use it to manage their IoT devices, and in this case, it was used to manage internet-facing DVR/IP cameras. Boa was discontinued in 2005. Using the flaws to access the cameras, the attackers identified as RedEcho installed Shadowpad malware ...


Copyright of this story solely belongs to techradar.com . To see the full text click HERE