Microsoft on Tuesday disclosed the intrusion activity aimed at Indian power grid entities earlier this year likely involved the exploitation of security flaws in a now-discontinued web server called Boa.
The tech behemoth’s cybersecurity division said the vulnerable component poses a “supply chain risk that may affect millions of organizations and devices.”
The findings build on a prior report published by Recorded Future in April 2022, which delved into a sustained campaign orchestrated by suspected China-linked adversaries to strike critical infrastructure organizations in India.
The cybersecurity firm attributed the attacks to a previously undocumented threat cluster called Threat Activity Group 38. While the Indian government described the attacks as unsuccessful “probing attempts,” China denied it was behind the campaign.
The connections to China stem from the use of a modular backdoor dubbed ShadowPad, which is known to be shared among several espionage groups that conduct intelligence-gathering missions on behalf of the nation.