Microsoft is warning organizations about the risks associated with the discontinued Boa web server after vulnerabilities affecting the software were apparently exploited by threat actors in an operation aimed at the energy sector.
In 2021, threat intelligence company Recorded Future reported seeing a Chinese threat group targeting operational assets within India’s power grid. In April 2022, the cybersecurity firm published a new report describing attacks launched by a different Chinese state-sponsored threat actor against organizations in India’s power sector.
Targets included several State Load Despatch Centres (SLDCs) responsible for carrying out grid control and electricity dispatch operations. These SLDCs maintain grid frequency and stability through access to supervisory control and data acquisition (SCADA) systems.
When it released its report in April, Recorded Future shared some indicators of compromise (IoCs) to help organizations detect potential intrusions.
Microsoft has analyzed the IP addresses included in those IoCs and determined that ...
Copyright of this story solely belongs to securityweek . To see the full text click HERE