Microsoft says attackers are hacking energy grids by exploiting decades-old software

Microsoft has discovered hackers exploiting a vulnerable open source component in the Boa web server, which despite being discontinued in 2005, is still widely used in IoT devices and software development kits. The attackers use this vulnerability to gain a foothold on operational technology networks, which presents a significant supply chain risk. Microsoft also said that mitigating these flaws is challenging due to the continued widespread usage of Boa and its complex integration in the IoT device supply chain.