Hackers attack the energy sector by taking advantage of flaws in old software

A large number of routers and objects connected to the Web contain code that has been deprecated for more than 15 years, which includes several critical flaws. Hackers would use it as an entry point to attack the infrastructure of certain companies, particularly in the energy sector.

Microsoft just released a report regarding an ongoing wave of attacks. Hackers attack certain devices that can compromise the internal networks of companies, and more specifically target the energy sector. This follows an initial report published by Recorded Future in April on attacks in India attributed to a group of hackers sponsored by the Chinese government.

Microsoft investigated and discovered that hackers infiltrate systems through the presence of the Boa web server, a software component that has been deprecated since 2005. Boa is included in routers, connected objects and in software development kits (SDKs ). This component contains several critical flaws, including arbitrary file access (CVE-2017-9833) and information disclosure (CVE-2021-33558).

Over a million devices on display

These vulnerabilities can be exploited without authentication. Once the device containing the Boa server is compromised, hackers can use it to attack the rest of the company’s internal network. The most recent attack took place against the Indian company Tata Power in October. The Hive hacker group had demanded a ransom, then posted the stolen data on the dark web when the firm refused to pay.

Microsoft has detected the presence of the Boa server on more than one million internet-connected devices, which means that a large number of companies could be vulnerable to attacks.

Leave a Comment