New Delhi: Microsoft has warned that state-sponsored hackers are attacking critical energy infrastructure in India by exploiting a discontinued web server; the most recent attack it observed was on Tata Power in October.
Microsoft security researchers discovered a vulnerable open-source component in the "Boa web server" still being used in routers, security cameras and popular software development kits (SDKs), despite its retirement in 2005.
Tata Power last month admitted it was hit by a cyber attack on its IT infrastructure. The power company, however, said that all its critical operational systems were functioning normally. The cyber attack on Tata Power was the handiwork of the Hive ransomware group, which has victimised over 1,300 companies worldwide, receiving approximately $100 million in ransom payments, according to a joint advisory issued last week by the FBI, the US Cybersecurity and Infrastructure Security Agency, and the Department of Health and Human Services.
Microsoft said it continues to see attackers attempting to exploit Boa vulnerabilities, indicating that it is still targeted as an attack vector. A report published by cybersecurity company Recorded Future in April this year first detailed suspected electrical grid intrusion activity and implicated common IoT devices. While investigating the attack activity, Microsoft researchers assessed the vulnerable component to be the now-retired Boa web server, which is often used to access settings and management consoles and sign-in screens in devices.