Microsoft has warned that malicious hackers are exploiting a discontinued web server found in common internet of things devices to target organizations in the energy sector.
In an analysis published on Tuesday, Microsoft researchers said they had discovered a vulnerable open-source component in the Boa web server, which is still widely used in a range of routers and security cameras. The component that the technology giant identified was used by Chinese state-sponsored attackers to gain a foothold on operational technology networks used to monitor and control physical industrial systems.
Microsoft warned that the vulnerable component poses a supply chain risk that could affect millions of organizations and devices.
The Boa flaws include a high-severity information disclosure bug and an arbitrary file access flaw.
According to Microsoft, the vulnerabilities can allow an attacker to collect information about network assets before an attack is launched, and to gain access to a network undetected by obtaining valid credentials.
According to Microsoft, the most recent attack it observed was the compromise of the power company. Sensitive employee information, engineering drawings, financial and banking records, client records, and some private keys were stolen from the Indian energy giant and published by the Hive ransomware group.
According to Microsoft, attackers continue to attempt to exploit the vulnerabilities beyond the time frame of the report.
One reason these flaws are difficult to mitigate is the complex way Boa is built into the internet of things supply chain. Microsoft recommends identifying and patching vulnerable devices, and configuring detection rules to detect malicious activity.
The supply chain risk is highlighted by flaws in network components. Up to three billion devices may have been affected by Log4Shell, a zero-day vulnerability that was discovered in Log4j.
Tata Power, a top power producer in India, confirms cyberattack