Microsoft says hackers attacking energy grids using decades-old software

Microsoft suggests malicious hackers are entering critical systems through widely-used servers discontinued in 2005.

Microsoft said this week that technology discontinued in 2005 is still being used widely and poses threats and vulnerabilities to power grids and the petroleum industry.

Malicious hackers, according to the tech giant, are gaining access to secure networks and devices through common Internet of Things, or IoT, devices before deploying payloads.

Microsoft said it looked at a report that Recorded Future published in April 2022 detailing a suspected electrical grid intrusion in India and found a common vulnerable component: the Boa web server.

Boa servers, Microsoft said, are used to access settings, management consoles, and sign-in screens on devices, and despite being discontinued in 2005, they continue to be implemented by vendors.

Boa vulnerabilities allow hackers to gain access to networks by collecting data from files.

When Microsoft looked into the Recorded Future report, it found the Indian incident was just one of several intrusion attempts to gain access to infrastructure in the subcontinent. The most recent attack was in October 2022.

Some information obtained in the Indian energy hack included sensitive employee information, financial records, client records, engineering drawings and private keys.

The commonality among all the IP addresses assessed by Microsoft was they were all running Boa servers. A further analysis found that 10% of the IP addresses returned connections to critical industries like the petroleum industry,

These same IP addresses were attached to IoT devices like routers that had unpatched vulnerabilities.

"Microsoft continues to see attackers attempting to exploit Boa vulnerabilities," the tech company said. "The popularity of Boa web servers is especially concerning as Boa has been formally discontinued since 2005."

In the span of a week, Microsoft said, its Defender Threat Intelligence platform found over 1 million internet-exposed Boa server components around the world.

The largest share of those components was in India, while the U.S., Brazil and South America showed large numbers as well.

To address these vulnerable components, Microsoft suggested organizations and network operators patch vulnerable devices and, if possible, find devices with vulnerable components and add measures to identify and detect malicious activities.